* [PATCH 0/4] Use bools for xt_match and xt_target
@ 2007-06-04 15:09 Jan Engelhardt
2007-06-04 15:10 ` [PATCH 1/4] Switch hotdrop to bool Jan Engelhardt
` (4 more replies)
0 siblings, 5 replies; 17+ messages in thread
From: Jan Engelhardt @ 2007-06-04 15:09 UTC (permalink / raw)
To: kaber; +Cc: Netfilter Developer Mailing List
Hi,
(just an introductory message so that it looks nice in MUAs with thread
support)
Along comes... a four-patch set that transforms:
* xt_match->match(hotdrop) argument
* xt_match->match() return type
* xt_match->checkentry() return type
* xt_target->checkentry() return type
to booleans, because that is all they do right now.
Jan
--
^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 1/4] Switch hotdrop to bool
2007-06-04 15:09 [PATCH 0/4] Use bools for xt_match and xt_target Jan Engelhardt
@ 2007-06-04 15:10 ` Jan Engelhardt
2007-06-04 15:19 ` Patrick McHardy
2007-06-04 15:10 ` [PATCH 2/4] Switch xt_match->match " Jan Engelhardt
` (3 subsequent siblings)
4 siblings, 1 reply; 17+ messages in thread
From: Jan Engelhardt @ 2007-06-04 15:10 UTC (permalink / raw)
To: kaber; +Cc: Netfilter Developer Mailing List
Switch the "hotdrop" variables to boolean
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
---
include/linux/netfilter/x_tables.h | 2 +-
net/ipv4/netfilter/arp_tables.c | 2 +-
net/ipv4/netfilter/ip_tables.c | 8 ++++----
net/ipv4/netfilter/ipt_addrtype.c | 2 +-
net/ipv4/netfilter/ipt_ah.c | 4 ++--
net/ipv4/netfilter/ipt_ecn.c | 6 +++---
net/ipv4/netfilter/ipt_iprange.c | 2 +-
net/ipv4/netfilter/ipt_owner.c | 2 +-
net/ipv4/netfilter/ipt_recent.c | 4 ++--
net/ipv4/netfilter/ipt_tos.c | 2 +-
net/ipv4/netfilter/ipt_ttl.c | 2 +-
net/ipv6/netfilter/ip6_tables.c | 12 ++++++------
net/ipv6/netfilter/ip6t_ah.c | 6 +++---
net/ipv6/netfilter/ip6t_eui64.c | 4 ++--
net/ipv6/netfilter/ip6t_frag.c | 6 +++---
net/ipv6/netfilter/ip6t_hbh.c | 6 +++---
net/ipv6/netfilter/ip6t_hl.c | 2 +-
net/ipv6/netfilter/ip6t_ipv6header.c | 2 +-
net/ipv6/netfilter/ip6t_mh.c | 6 +++---
net/ipv6/netfilter/ip6t_owner.c | 2 +-
net/ipv6/netfilter/ip6t_rt.c | 6 +++---
net/netfilter/xt_comment.c | 2 +-
net/netfilter/xt_connbytes.c | 2 +-
net/netfilter/xt_connmark.c | 2 +-
net/netfilter/xt_conntrack.c | 2 +-
net/netfilter/xt_dccp.c | 12 ++++++------
net/netfilter/xt_dscp.c | 4 ++--
net/netfilter/xt_esp.c | 4 ++--
net/netfilter/xt_hashlimit.c | 4 ++--
net/netfilter/xt_helper.c | 2 +-
net/netfilter/xt_length.c | 4 ++--
net/netfilter/xt_limit.c | 2 +-
net/netfilter/xt_mac.c | 2 +-
net/netfilter/xt_mark.c | 2 +-
net/netfilter/xt_multiport.c | 8 ++++----
net/netfilter/xt_physdev.c | 2 +-
net/netfilter/xt_pkttype.c | 2 +-
net/netfilter/xt_policy.c | 2 +-
net/netfilter/xt_quota.c | 2 +-
net/netfilter/xt_realm.c | 2 +-
net/netfilter/xt_sctp.c | 8 ++++----
net/netfilter/xt_state.c | 2 +-
net/netfilter/xt_statistic.c | 2 +-
net/netfilter/xt_string.c | 2 +-
net/netfilter/xt_tcpmss.c | 4 ++--
net/netfilter/xt_tcpudp.c | 16 ++++++++--------
46 files changed, 92 insertions(+), 92 deletions(-)
Index: linux-2.6.22-rc3-git6/include/linux/netfilter/x_tables.h
===================================================================
--- linux-2.6.22-rc3-git6.orig/include/linux/netfilter/x_tables.h
+++ linux-2.6.22-rc3-git6/include/linux/netfilter/x_tables.h
@@ -148,7 +148,7 @@ struct xt_match
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop);
+ bool *hotdrop);
/* Called when user tries to insert an entry of this type. */
/* Should return true or false. */
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/arp_tables.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/arp_tables.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/arp_tables.c
@@ -224,7 +224,7 @@ unsigned int arpt_do_table(struct sk_buf
static const char nulldevname[IFNAMSIZ];
unsigned int verdict = NF_DROP;
struct arphdr *arp;
- int hotdrop = 0;
+ bool hotdrop = false;
struct arpt_entry *e, *back;
const char *indev, *outdev;
void *table_base;
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ip_tables.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ip_tables.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ip_tables.c
@@ -188,7 +188,7 @@ int do_match(struct ipt_entry_match *m,
const struct net_device *in,
const struct net_device *out,
int offset,
- int *hotdrop)
+ bool *hotdrop)
{
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
@@ -216,7 +216,7 @@ ipt_do_table(struct sk_buff **pskb,
u_int16_t offset;
struct iphdr *ip;
u_int16_t datalen;
- int hotdrop = 0;
+ bool hotdrop = false;
/* Initializing verdict to NF_DROP keeps gcc happy. */
unsigned int verdict = NF_DROP;
const char *indev, *outdev;
@@ -2077,7 +2077,7 @@ icmp_match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct icmphdr _icmph, *ic;
const struct ipt_icmp *icmpinfo = matchinfo;
@@ -2092,7 +2092,7 @@ icmp_match(const struct sk_buff *skb,
* can't. Hence, no choice but to drop.
*/
duprintf("Dropping evil ICMP tinygram.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_addrtype.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_addrtype.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_addrtype.c
@@ -30,7 +30,7 @@ static inline int match_type(__be32 addr
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_addrtype_info *info = matchinfo;
const struct iphdr *iph = ip_hdr(skb);
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ah.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_ah.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ah.c
@@ -44,7 +44,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct ip_auth_hdr _ahdr, *ah;
const struct ipt_ah *ahinfo = matchinfo;
@@ -60,7 +60,7 @@ match(const struct sk_buff *skb,
* can't. Hence, no choice but to drop.
*/
duprintf("Dropping evil AH tinygram.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ecn.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_ecn.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ecn.c
@@ -30,7 +30,7 @@ static inline int match_ip(const struct
static inline int match_tcp(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo,
- int *hotdrop)
+ bool *hotdrop)
{
struct tcphdr _tcph, *th;
@@ -39,7 +39,7 @@ static inline int match_tcp(const struct
*/
th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
if (th == NULL) {
- *hotdrop = 0;
+ *hotdrop = false;
return 0;
}
@@ -69,7 +69,7 @@ static inline int match_tcp(const struct
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_ecn_info *info = matchinfo;
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_iprange.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_iprange.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_iprange.c
@@ -29,7 +29,7 @@ match(const struct sk_buff *skb,
const struct net_device *out,
const struct xt_match *match,
const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_iprange_info *info = matchinfo;
const struct iphdr *iph = ip_hdr(skb);
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_owner.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_owner.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_owner.c
@@ -29,7 +29,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct ipt_owner_info *info = matchinfo;
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_recent.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_recent.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_recent.c
@@ -173,7 +173,7 @@ static int
ipt_recent_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
@@ -201,7 +201,7 @@ ipt_recent_match(const struct sk_buff *s
goto out;
e = recent_entry_init(t, addr, ttl);
if (e == NULL)
- *hotdrop = 1;
+ *hotdrop = true;
ret ^= 1;
goto out;
}
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_tos.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_tos.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_tos.c
@@ -26,7 +26,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct ipt_tos_info *info = matchinfo;
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ttl.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_ttl.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ttl.c
@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_ttl_info *info = matchinfo;
const u8 ttl = ip_hdr(skb)->ttl;
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6_tables.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6_tables.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6_tables.c
@@ -102,7 +102,7 @@ ip6_packet_match(const struct sk_buff *s
const char *outdev,
const struct ip6t_ip6 *ip6info,
unsigned int *protoff,
- int *fragoff, int *hotdrop)
+ int *fragoff, bool *hotdrop)
{
size_t i;
unsigned long ret;
@@ -162,7 +162,7 @@ ip6_packet_match(const struct sk_buff *s
protohdr = ipv6_find_hdr(skb, protoff, -1, &_frag_off);
if (protohdr < 0) {
if (_frag_off == 0)
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
*fragoff = _frag_off;
@@ -225,7 +225,7 @@ int do_match(struct ip6t_entry_match *m,
const struct net_device *out,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
@@ -252,7 +252,7 @@ ip6t_do_table(struct sk_buff **pskb,
static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
int offset = 0;
unsigned int protoff = 0;
- int hotdrop = 0;
+ bool hotdrop = false;
/* Initializing verdict to NF_DROP keeps gcc happy. */
unsigned int verdict = NF_DROP;
const char *indev, *outdev;
@@ -1299,7 +1299,7 @@ icmp6_match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct icmp6hdr _icmp, *ic;
const struct ip6t_icmp *icmpinfo = matchinfo;
@@ -1313,7 +1313,7 @@ icmp6_match(const struct sk_buff *skb,
/* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */
duprintf("Dropping evil ICMP tinygram.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ah.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_ah.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ah.c
@@ -49,7 +49,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct ip_auth_hdr *ah, _ah;
const struct ip6t_ah *ahinfo = matchinfo;
@@ -60,13 +60,13 @@ match(const struct sk_buff *skb,
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL);
if (err < 0) {
if (err != -ENOENT)
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
if (ah == NULL) {
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_eui64.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_eui64.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_eui64.c
@@ -27,7 +27,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
unsigned char eui64[8];
int i = 0;
@@ -35,7 +35,7 @@ match(const struct sk_buff *skb,
if (!(skb_mac_header(skb) >= skb->head &&
(skb_mac_header(skb) + ETH_HLEN) <= skb->data) &&
offset != 0) {
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_frag.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_frag.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_frag.c
@@ -48,7 +48,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct frag_hdr _frag, *fh;
const struct ip6t_frag *fraginfo = matchinfo;
@@ -58,13 +58,13 @@ match(const struct sk_buff *skb,
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL);
if (err < 0) {
if (err != -ENOENT)
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
if (fh == NULL) {
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_hbh.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_hbh.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_hbh.c
@@ -55,7 +55,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct ipv6_opt_hdr _optsh, *oh;
const struct ip6t_opts *optinfo = matchinfo;
@@ -71,13 +71,13 @@ match(const struct sk_buff *skb,
err = ipv6_find_hdr(skb, &ptr, match->data, NULL);
if (err < 0) {
if (err != -ENOENT)
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
if (oh == NULL) {
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_hl.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_hl.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_hl.c
@@ -22,7 +22,7 @@ MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ip6t_hl_info *info = matchinfo;
const struct ipv6hdr *ip6h = ipv6_hdr(skb);
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ipv6header.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_ipv6header.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -34,7 +34,7 @@ ipv6header_match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct ip6t_ipv6header_info *info = matchinfo;
unsigned int temp;
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_mh.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_mh.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_mh.c
@@ -48,7 +48,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct ip6_mh _mh, *mh;
const struct ip6t_mh *mhinfo = matchinfo;
@@ -62,14 +62,14 @@ match(const struct sk_buff *skb,
/* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */
duprintf("Dropping evil MH tinygram.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
if (mh->ip6mh_proto != IPPROTO_NONE) {
duprintf("Dropping invalid MH Payload Proto: %u\n",
mh->ip6mh_proto);
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_owner.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_owner.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_owner.c
@@ -31,7 +31,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct ip6t_owner_info *info = matchinfo;
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_rt.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_rt.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_rt.c
@@ -50,7 +50,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct ipv6_rt_hdr _route, *rh;
const struct ip6t_rt *rtinfo = matchinfo;
@@ -64,13 +64,13 @@ match(const struct sk_buff *skb,
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL);
if (err < 0) {
if (err != -ENOENT)
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
if (rh == NULL) {
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_comment.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_comment.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_comment.c
@@ -23,7 +23,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protooff,
- int *hotdrop)
+ bool *hotdrop)
{
/* We always match */
return 1;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_connbytes.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_connbytes.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_connbytes.c
@@ -23,7 +23,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_connbytes_info *sinfo = matchinfo;
struct nf_conn *ct;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_connmark.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_connmark.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_connmark.c
@@ -38,7 +38,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_connmark_info *info = matchinfo;
struct nf_conn *ct;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_conntrack.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_conntrack.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_conntrack.c
@@ -27,7 +27,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_conntrack_info *sinfo = matchinfo;
struct nf_conn *ct;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_dccp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_dccp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_dccp.c
@@ -36,7 +36,7 @@ dccp_find_option(u_int8_t option,
const struct sk_buff *skb,
unsigned int protoff,
const struct dccp_hdr *dh,
- int *hotdrop)
+ bool *hotdrop)
{
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
unsigned char *op;
@@ -45,7 +45,7 @@ dccp_find_option(u_int8_t option,
unsigned int i;
if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) {
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
@@ -57,7 +57,7 @@ dccp_find_option(u_int8_t option,
if (op == NULL) {
/* If we don't have the whole header, drop packet. */
spin_unlock_bh(&dccp_buflock);
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
@@ -86,7 +86,7 @@ match_types(const struct dccp_hdr *dh, u
static inline int
match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff,
- const struct dccp_hdr *dh, int *hotdrop)
+ const struct dccp_hdr *dh, bool *hotdrop)
{
return dccp_find_option(option, skb, protoff, dh, hotdrop);
}
@@ -99,7 +99,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_dccp_info *info = matchinfo;
struct dccp_hdr _dh, *dh;
@@ -109,7 +109,7 @@ match(const struct sk_buff *skb,
dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh);
if (dh == NULL) {
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_dscp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_dscp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_dscp.c
@@ -29,7 +29,7 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
@@ -44,7 +44,7 @@ static int match6(const struct sk_buff *
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_esp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_esp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_esp.c
@@ -50,7 +50,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct ip_esp_hdr _esp, *eh;
const struct xt_esp *espinfo = matchinfo;
@@ -65,7 +65,7 @@ match(const struct sk_buff *skb,
* can't. Hence, no choice but to drop.
*/
duprintf("Dropping evil ESP tinygram.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_hashlimit.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_hashlimit.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_hashlimit.c
@@ -440,7 +440,7 @@ hashlimit_match(const struct sk_buff *sk
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct xt_hashlimit_info *r =
((struct xt_hashlimit_info *)matchinfo)->u.master;
@@ -487,7 +487,7 @@ hashlimit_match(const struct sk_buff *sk
return 0;
hotdrop:
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_helper.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_helper.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_helper.c
@@ -36,7 +36,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_helper_info *info = matchinfo;
struct nf_conn *ct;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_length.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_length.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_length.c
@@ -28,7 +28,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_length_info *info = matchinfo;
u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len);
@@ -44,7 +44,7 @@ match6(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_length_info *info = matchinfo;
const u_int16_t pktlen = (ntohs(ipv6_hdr(skb)->payload_len) +
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_limit.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_limit.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_limit.c
@@ -65,7 +65,7 @@ ipt_limit_match(const struct sk_buff *sk
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct xt_rateinfo *r = ((struct xt_rateinfo *)matchinfo)->master;
unsigned long now = jiffies;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_mac.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_mac.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_mac.c
@@ -32,7 +32,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_mac_info *info = matchinfo;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_mark.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_mark.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_mark.c
@@ -27,7 +27,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_mark_info *info = matchinfo;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_multiport.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_multiport.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_multiport.c
@@ -102,7 +102,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
__be16 _ports[2], *pptr;
const struct xt_multiport *multiinfo = matchinfo;
@@ -116,7 +116,7 @@ match(const struct sk_buff *skb,
* can't. Hence, no choice but to drop.
*/
duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
@@ -133,7 +133,7 @@ match_v1(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
__be16 _ports[2], *pptr;
const struct xt_multiport_v1 *multiinfo = matchinfo;
@@ -147,7 +147,7 @@ match_v1(const struct sk_buff *skb,
* can't. Hence, no choice but to drop.
*/
duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_physdev.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_physdev.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_physdev.c
@@ -31,7 +31,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
int i;
static const char nulldevname[IFNAMSIZ];
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_pkttype.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_pkttype.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_pkttype.c
@@ -28,7 +28,7 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
u_int8_t type;
const struct xt_pkttype_info *info = matchinfo;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_policy.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_policy.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_policy.c
@@ -115,7 +115,7 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_policy_info *info = matchinfo;
int ret;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_quota.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_quota.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_quota.c
@@ -20,7 +20,7 @@ static int
match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, bool *hotdrop)
{
struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master;
int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_realm.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_realm.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_realm.c
@@ -29,7 +29,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_realm_info *info = matchinfo;
struct dst_entry *dst = skb->dst;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_sctp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_sctp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_sctp.c
@@ -47,7 +47,7 @@ match_packet(const struct sk_buff *skb,
int chunk_match_type,
const struct xt_sctp_flag_info *flag_info,
const int flag_count,
- int *hotdrop)
+ bool *hotdrop)
{
u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)];
sctp_chunkhdr_t _sch, *sch;
@@ -64,7 +64,7 @@ match_packet(const struct sk_buff *skb,
sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);
if (sch == NULL || sch->length == 0) {
duprintf("Dropping invalid SCTP packet.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
@@ -127,7 +127,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_sctp_info *info = matchinfo;
sctp_sctphdr_t _sh, *sh;
@@ -140,7 +140,7 @@ match(const struct sk_buff *skb,
sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh);
if (sh == NULL) {
duprintf("Dropping evil TCP offset=0 tinygram.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest));
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_state.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_state.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_state.c
@@ -28,7 +28,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_state_info *sinfo = matchinfo;
enum ip_conntrack_info ctinfo;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_statistic.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_statistic.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_statistic.c
@@ -28,7 +28,7 @@ static int
match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, bool *hotdrop)
{
struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo;
int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_string.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_string.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_string.c
@@ -28,7 +28,7 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_string_info *conf = matchinfo;
struct ts_state state;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_tcpmss.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_tcpmss.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_tcpmss.c
@@ -31,7 +31,7 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
const struct xt_tcpmss_match_info *info = matchinfo;
struct tcphdr _tcph, *th;
@@ -77,7 +77,7 @@ out:
return info->invert;
dropit:
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_tcpudp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_tcpudp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_tcpudp.c
@@ -42,7 +42,7 @@ tcp_find_option(u_int8_t option,
unsigned int protoff,
unsigned int optlen,
int invert,
- int *hotdrop)
+ bool *hotdrop)
{
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
u_int8_t _opt[60 - sizeof(struct tcphdr)], *op;
@@ -57,7 +57,7 @@ tcp_find_option(u_int8_t option,
op = skb_header_pointer(skb, protoff + sizeof(struct tcphdr),
optlen, _opt);
if (op == NULL) {
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
@@ -78,7 +78,7 @@ tcp_match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct tcphdr _tcph, *th;
const struct xt_tcp *tcpinfo = matchinfo;
@@ -92,7 +92,7 @@ tcp_match(const struct sk_buff *skb,
*/
if (offset == 1) {
duprintf("Dropping evil TCP offset=1 frag.\n");
- *hotdrop = 1;
+ *hotdrop = true;
}
/* Must not be a fragment. */
return 0;
@@ -105,7 +105,7 @@ tcp_match(const struct sk_buff *skb,
/* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */
duprintf("Dropping evil TCP offset=0 tinygram.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
@@ -123,7 +123,7 @@ tcp_match(const struct sk_buff *skb,
return 0;
if (tcpinfo->option) {
if (th->doff * 4 < sizeof(_tcph)) {
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
if (!tcp_find_option(tcpinfo->option, skb, protoff,
@@ -157,7 +157,7 @@ udp_match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
{
struct udphdr _udph, *uh;
const struct xt_udp *udpinfo = matchinfo;
@@ -171,7 +171,7 @@ udp_match(const struct sk_buff *skb,
/* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */
duprintf("Dropping evil UDP tinygram.\n");
- *hotdrop = 1;
+ *hotdrop = true;
return 0;
}
^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 2/4] Switch xt_match->match to bool
2007-06-04 15:09 [PATCH 0/4] Use bools for xt_match and xt_target Jan Engelhardt
2007-06-04 15:10 ` [PATCH 1/4] Switch hotdrop to bool Jan Engelhardt
@ 2007-06-04 15:10 ` Jan Engelhardt
2007-06-04 15:20 ` Patrick McHardy
2007-06-04 15:11 ` [PATCH 3/4] Switch xt_match->checkentry " Jan Engelhardt
` (2 subsequent siblings)
4 siblings, 1 reply; 17+ messages in thread
From: Jan Engelhardt @ 2007-06-04 15:10 UTC (permalink / raw)
To: kaber; +Cc: Netfilter Developer Mailing List
Switch the return type of match functions to boolean
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
---
include/linux/netfilter/x_tables.h | 16 ++++++-------
net/ipv4/netfilter/ip_tables.c | 26 ++++++++++-----------
net/ipv4/netfilter/ipt_addrtype.c | 12 +++++-----
net/ipv4/netfilter/ipt_ah.c | 10 ++++----
net/ipv4/netfilter/ipt_ecn.c | 38 +++++++++++++++----------------
net/ipv4/netfilter/ipt_iprange.c | 8 +++---
net/ipv4/netfilter/ipt_owner.c | 10 ++++----
net/ipv4/netfilter/ipt_recent.c | 12 +++++-----
net/ipv4/netfilter/ipt_tos.c | 2 -
net/ipv4/netfilter/ipt_ttl.c | 12 +++++-----
net/ipv6/netfilter/ip6_tables.c | 42 +++++++++++++++++------------------
net/ipv6/netfilter/ip6t_ah.c | 12 +++++-----
net/ipv6/netfilter/ip6t_eui64.c | 8 +++---
net/ipv6/netfilter/ip6t_frag.c | 12 +++++-----
net/ipv6/netfilter/ip6t_hbh.c | 18 +++++++--------
net/ipv6/netfilter/ip6t_hl.c | 12 +++++-----
net/ipv6/netfilter/ip6t_ipv6header.c | 6 ++---
net/ipv6/netfilter/ip6t_mh.c | 17 +++++---------
net/ipv6/netfilter/ip6t_owner.c | 10 ++++----
net/ipv6/netfilter/ip6t_rt.c | 26 ++++++++++-----------
net/netfilter/xt_comment.c | 4 +--
net/netfilter/xt_connbytes.c | 4 +--
net/netfilter/xt_connmark.c | 4 +--
net/netfilter/xt_conntrack.c | 24 ++++++++++----------
net/netfilter/xt_dccp.c | 22 +++++++++---------
net/netfilter/xt_dscp.c | 32 +++++++++++++-------------
net/netfilter/xt_esp.c | 12 +++++-----
net/netfilter/xt_hashlimit.c | 17 +++++++-------
net/netfilter/xt_helper.c | 6 ++---
net/netfilter/xt_length.c | 4 +--
net/netfilter/xt_limit.c | 6 ++---
net/netfilter/xt_mac.c | 2 -
net/netfilter/xt_mark.c | 2 -
net/netfilter/xt_multiport.c | 34 ++++++++++++++--------------
net/netfilter/xt_physdev.c | 28 ++++++++++-------------
net/netfilter/xt_pkttype.c | 2 -
net/netfilter/xt_policy.c | 26 ++++++++++-----------
net/netfilter/xt_quota.c | 6 ++---
net/netfilter/xt_realm.c | 2 -
net/netfilter/xt_sctp.c | 26 ++++++++++-----------
net/netfilter/xt_state.c | 2 -
net/netfilter/xt_statistic.c | 8 +++---
net/netfilter/xt_string.c | 16 ++++++-------
net/netfilter/xt_tcpmss.c | 4 +--
net/netfilter/xt_tcpudp.c | 39 +++++++++++++++-----------------
45 files changed, 317 insertions(+), 324 deletions(-)
Index: linux-2.6.22-rc3-git6/include/linux/netfilter/x_tables.h
===================================================================
--- linux-2.6.22-rc3-git6.orig/include/linux/netfilter/x_tables.h
+++ linux-2.6.22-rc3-git6/include/linux/netfilter/x_tables.h
@@ -141,14 +141,14 @@ struct xt_match
/* Arguments changed since 2.6.9, as this must now handle
non-linear skb, using skb_header_pointer and
skb_ip_make_writable. */
- int (*match)(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const struct xt_match *match,
- const void *matchinfo,
- int offset,
- unsigned int protoff,
- bool *hotdrop);
+ bool (*match)(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct xt_match *match,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ bool *hotdrop);
/* Called when user tries to insert an entry of this type. */
/* Should return true or false. */
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ip_tables.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ip_tables.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ip_tables.c
@@ -183,19 +183,19 @@ ipt_error(struct sk_buff **pskb,
}
static inline
-int do_match(struct ipt_entry_match *m,
- const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int offset,
- bool *hotdrop)
+bool do_match(struct ipt_entry_match *m,
+ const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int offset,
+ bool *hotdrop)
{
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
offset, ip_hdrlen(skb), hotdrop))
- return 1;
+ return true;
else
- return 0;
+ return false;
}
static inline struct ipt_entry *
@@ -2060,16 +2060,16 @@ void ipt_unregister_table(struct xt_tabl
}
/* Returns 1 if the type and code is matched by the range, 0 otherwise */
-static inline int
+static inline bool
icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
u_int8_t type, u_int8_t code,
- int invert)
+ bool invert)
{
return ((test_type == 0xFF) || (type == test_type && code >= min_code && code <= max_code))
^ invert;
}
-static int
+static bool
icmp_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -2084,7 +2084,7 @@ icmp_match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
- return 0;
+ return false;
ic = skb_header_pointer(skb, protoff, sizeof(_icmph), &_icmph);
if (ic == NULL) {
@@ -2093,7 +2093,7 @@ icmp_match(const struct sk_buff *skb,
*/
duprintf("Dropping evil ICMP tinygram.\n");
*hotdrop = true;
- return 0;
+ return false;
}
return icmp_type_code_match(icmpinfo->type,
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_addrtype.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_addrtype.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_addrtype.c
@@ -22,19 +22,19 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
MODULE_DESCRIPTION("iptables addrtype match");
-static inline int match_type(__be32 addr, u_int16_t mask)
+static inline bool match_type(__be32 addr, u_int16_t mask)
{
return !!(mask & (1 << inet_addr_type(addr)));
}
-static int match(const struct sk_buff *skb,
- const struct net_device *in, const struct net_device *out,
- const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, bool *hotdrop)
+static bool match(const struct sk_buff *skb,
+ const struct net_device *in, const struct net_device *out,
+ const struct xt_match *match, const void *matchinfo,
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_addrtype_info *info = matchinfo;
const struct iphdr *iph = ip_hdr(skb);
- int ret = 1;
+ bool ret = true;
if (info->source)
ret &= match_type(iph->saddr, info->source)^info->invert_source;
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ah.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_ah.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ah.c
@@ -25,10 +25,10 @@ MODULE_DESCRIPTION("iptables AH SPI matc
#endif
/* Returns 1 if the spi is matched by the range, 0 otherwise */
-static inline int
-spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
+static inline bool
+spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{
- int r=0;
+ bool r;
duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
min,spi,max);
r=(spi >= min && spi <= max) ^ invert;
@@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max,
return r;
}
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -51,7 +51,7 @@ match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
- return 0;
+ return false;
ah = skb_header_pointer(skb, protoff,
sizeof(_ahdr), &_ahdr);
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ecn.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_ecn.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ecn.c
@@ -22,15 +22,15 @@ MODULE_AUTHOR("Harald Welte <laforge@net
MODULE_DESCRIPTION("iptables ECN matching module");
MODULE_LICENSE("GPL");
-static inline int match_ip(const struct sk_buff *skb,
- const struct ipt_ecn_info *einfo)
+static inline bool match_ip(const struct sk_buff *skb,
+ const struct ipt_ecn_info *einfo)
{
return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect;
}
-static inline int match_tcp(const struct sk_buff *skb,
- const struct ipt_ecn_info *einfo,
- bool *hotdrop)
+static inline bool match_tcp(const struct sk_buff *skb,
+ const struct ipt_ecn_info *einfo,
+ bool *hotdrop)
{
struct tcphdr _tcph, *th;
@@ -40,51 +40,51 @@ static inline int match_tcp(const struct
th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
if (th == NULL) {
*hotdrop = false;
- return 0;
+ return false;
}
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
if (einfo->invert & IPT_ECN_OP_MATCH_ECE) {
if (th->ece == 1)
- return 0;
+ return false;
} else {
if (th->ece == 0)
- return 0;
+ return false;
}
}
if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
if (einfo->invert & IPT_ECN_OP_MATCH_CWR) {
if (th->cwr == 1)
- return 0;
+ return false;
} else {
if (th->cwr == 0)
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
-static int match(const struct sk_buff *skb,
- const struct net_device *in, const struct net_device *out,
- const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, bool *hotdrop)
+static bool match(const struct sk_buff *skb,
+ const struct net_device *in, const struct net_device *out,
+ const struct xt_match *match, const void *matchinfo,
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_ecn_info *info = matchinfo;
if (info->operation & IPT_ECN_OP_MATCH_IP)
if (!match_ip(skb, info))
- return 0;
+ return false;
if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {
if (ip_hdr(skb)->protocol != IPPROTO_TCP)
- return 0;
+ return false;
if (!match_tcp(skb, info, hotdrop))
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static int checkentry(const char *tablename, const void *ip_void,
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_iprange.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_iprange.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_iprange.c
@@ -23,7 +23,7 @@ MODULE_DESCRIPTION("iptables arbitrary I
#define DEBUGP(format, args...)
#endif
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -44,7 +44,7 @@ match(const struct sk_buff *skb,
info->flags & IPRANGE_SRC_INV ? "(INV) " : "",
NIPQUAD(info->src.min_ip),
NIPQUAD(info->src.max_ip));
- return 0;
+ return false;
}
}
if (info->flags & IPRANGE_DST) {
@@ -57,10 +57,10 @@ match(const struct sk_buff *skb,
info->flags & IPRANGE_DST_INV ? "(INV) " : "",
NIPQUAD(info->dst.min_ip),
NIPQUAD(info->dst.max_ip));
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
static struct xt_match iprange_match = {
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_owner.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_owner.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_owner.c
@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
MODULE_DESCRIPTION("iptables owner match");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -34,21 +34,21 @@ match(const struct sk_buff *skb,
const struct ipt_owner_info *info = matchinfo;
if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
- return 0;
+ return false;
if(info->match & IPT_OWNER_UID) {
if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
!!(info->invert & IPT_OWNER_UID))
- return 0;
+ return false;
}
if(info->match & IPT_OWNER_GID) {
if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
!!(info->invert & IPT_OWNER_GID))
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static int
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_recent.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_recent.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_recent.c
@@ -169,7 +169,7 @@ static void recent_table_flush(struct re
}
}
-static int
+static bool
ipt_recent_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
@@ -180,7 +180,7 @@ ipt_recent_match(const struct sk_buff *s
struct recent_entry *e;
__be32 addr;
u_int8_t ttl;
- int ret = info->invert;
+ bool ret = info->invert;
if (info->side == IPT_RECENT_DEST)
addr = ip_hdr(skb)->daddr;
@@ -202,15 +202,15 @@ ipt_recent_match(const struct sk_buff *s
e = recent_entry_init(t, addr, ttl);
if (e == NULL)
*hotdrop = true;
- ret ^= 1;
+ ret = !ret;
goto out;
}
if (info->check_set & IPT_RECENT_SET)
- ret ^= 1;
+ ret = !ret;
else if (info->check_set & IPT_RECENT_REMOVE) {
recent_entry_remove(t, e);
- ret ^= 1;
+ ret = !ret;
} else if (info->check_set & (IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) {
unsigned long t = jiffies - info->seconds * HZ;
unsigned int i, hits = 0;
@@ -219,7 +219,7 @@ ipt_recent_match(const struct sk_buff *s
if (info->seconds && time_after(t, e->stamps[i]))
continue;
if (++hits >= info->hit_count) {
- ret ^= 1;
+ ret = !ret;
break;
}
}
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_tos.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_tos.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_tos.c
@@ -18,7 +18,7 @@
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("iptables TOS match module");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ttl.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_ttl.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ttl.c
@@ -18,10 +18,10 @@ MODULE_AUTHOR("Harald Welte <laforge@net
MODULE_DESCRIPTION("IP tables TTL matching module");
MODULE_LICENSE("GPL");
-static int match(const struct sk_buff *skb,
- const struct net_device *in, const struct net_device *out,
- const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, bool *hotdrop)
+static bool match(const struct sk_buff *skb,
+ const struct net_device *in, const struct net_device *out,
+ const struct xt_match *match, const void *matchinfo,
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_ttl_info *info = matchinfo;
const u8 ttl = ip_hdr(skb)->ttl;
@@ -42,10 +42,10 @@ static int match(const struct sk_buff *s
default:
printk(KERN_WARNING "ipt_ttl: unknown mode %d\n",
info->mode);
- return 0;
+ return false;
}
- return 0;
+ return false;
}
static struct xt_match ttl_match = {
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6_tables.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6_tables.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6_tables.c
@@ -96,7 +96,7 @@ ip6t_ext_hdr(u8 nexthdr)
}
/* Returns whether matches rule or not. */
-static inline int
+static inline bool
ip6_packet_match(const struct sk_buff *skb,
const char *indev,
const char *outdev,
@@ -122,7 +122,7 @@ ip6_packet_match(const struct sk_buff *s
dprintf("DST: %u. Mask: %u. Target: %u.%s\n", ip->daddr,
ipinfo->dmsk.s_addr, ipinfo->dst.s_addr,
ipinfo->invflags & IP6T_INV_DSTIP ? " (INV)" : "");*/
- return 0;
+ return false;
}
/* Look for ifname matches; this should unroll nicely. */
@@ -136,7 +136,7 @@ ip6_packet_match(const struct sk_buff *s
dprintf("VIA in mismatch (%s vs %s).%s\n",
indev, ip6info->iniface,
ip6info->invflags&IP6T_INV_VIA_IN ?" (INV)":"");
- return 0;
+ return false;
}
for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
@@ -149,7 +149,7 @@ ip6_packet_match(const struct sk_buff *s
dprintf("VIA out mismatch (%s vs %s).%s\n",
outdev, ip6info->outiface,
ip6info->invflags&IP6T_INV_VIA_OUT ?" (INV)":"");
- return 0;
+ return false;
}
/* ... might want to do something with class and flowlabel here ... */
@@ -163,7 +163,7 @@ ip6_packet_match(const struct sk_buff *s
if (protohdr < 0) {
if (_frag_off == 0)
*hotdrop = true;
- return 0;
+ return false;
}
*fragoff = _frag_off;
@@ -174,17 +174,17 @@ ip6_packet_match(const struct sk_buff *s
if (ip6info->proto == protohdr) {
if(ip6info->invflags & IP6T_INV_PROTO) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
/* We need match for the '-p all', too! */
if ((ip6info->proto != 0) &&
!(ip6info->invflags & IP6T_INV_PROTO))
- return 0;
+ return false;
}
- return 1;
+ return true;
}
/* should be ip6 safe */
@@ -219,20 +219,20 @@ ip6t_error(struct sk_buff **pskb,
}
static inline
-int do_match(struct ip6t_entry_match *m,
- const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int offset,
- unsigned int protoff,
- bool *hotdrop)
+bool do_match(struct ip6t_entry_match *m,
+ const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int offset,
+ unsigned int protoff,
+ bool *hotdrop)
{
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
offset, protoff, hotdrop))
- return 1;
+ return true;
else
- return 0;
+ return false;
}
static inline struct ip6t_entry *
@@ -1291,7 +1291,7 @@ icmp6_type_code_match(u_int8_t test_type
^ invert;
}
-static int
+static bool
icmp6_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -1306,7 +1306,7 @@ icmp6_match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
- return 0;
+ return false;
ic = skb_header_pointer(skb, protoff, sizeof(_icmp), &_icmp);
if (ic == NULL) {
@@ -1314,7 +1314,7 @@ icmp6_match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */
duprintf("Dropping evil ICMP tinygram.\n");
*hotdrop = true;
- return 0;
+ return false;
}
return icmp6_type_code_match(icmpinfo->type,
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ah.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_ah.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ah.c
@@ -30,10 +30,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@s
#endif
/* Returns 1 if the spi is matched by the range, 0 otherwise */
-static inline int
-spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
+static inline bool
+spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{
- int r=0;
+ bool r;
DEBUGP("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
min,spi,max);
r = (spi >= min && spi <= max) ^ invert;
@@ -41,7 +41,7 @@ spi_match(u_int32_t min, u_int32_t max,
return r;
}
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -61,13 +61,13 @@ match(const struct sk_buff *skb,
if (err < 0) {
if (err != -ENOENT)
*hotdrop = true;
- return 0;
+ return false;
}
ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
if (ah == NULL) {
*hotdrop = true;
- return 0;
+ return false;
}
hdrlen = (ah->hdrlen + 2) << 2;
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_eui64.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_eui64.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_eui64.c
@@ -19,7 +19,7 @@ MODULE_DESCRIPTION("IPv6 EUI64 address c
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -36,7 +36,7 @@ match(const struct sk_buff *skb,
(skb_mac_header(skb) + ETH_HLEN) <= skb->data) &&
offset != 0) {
*hotdrop = true;
- return 0;
+ return false;
}
memset(eui64, 0, sizeof(eui64));
@@ -55,11 +55,11 @@ match(const struct sk_buff *skb,
i++;
if (i == 8)
- return 1;
+ return true;
}
}
- return 0;
+ return false;
}
static struct xt_match eui64_match = {
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_frag.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_frag.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_frag.c
@@ -29,10 +29,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@s
#endif
/* Returns 1 if the id is matched by the range, 0 otherwise */
-static inline int
-id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
+static inline bool
+id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
{
- int r = 0;
+ bool r;
DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ',
min, id, max);
r = (id >= min && id <= max) ^ invert;
@@ -40,7 +40,7 @@ id_match(u_int32_t min, u_int32_t max, u
return r;
}
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -59,13 +59,13 @@ match(const struct sk_buff *skb,
if (err < 0) {
if (err != -ENOENT)
*hotdrop = true;
- return 0;
+ return false;
}
fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
if (fh == NULL) {
*hotdrop = true;
- return 0;
+ return false;
}
DEBUGP("INFO %04X ", fh->frag_off);
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_hbh.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_hbh.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_hbh.c
@@ -47,7 +47,7 @@ MODULE_ALIAS("ip6t_dst");
* 5 -> RTALERT 2 x x
*/
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -62,7 +62,7 @@ match(const struct sk_buff *skb,
unsigned int temp;
unsigned int ptr;
unsigned int hdrlen = 0;
- unsigned int ret = 0;
+ bool ret = false;
u8 _opttype, *tp = NULL;
u8 _optlen, *lp = NULL;
unsigned int optlen;
@@ -72,19 +72,19 @@ match(const struct sk_buff *skb,
if (err < 0) {
if (err != -ENOENT)
*hotdrop = true;
- return 0;
+ return false;
}
oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
if (oh == NULL) {
*hotdrop = true;
- return 0;
+ return false;
}
hdrlen = ipv6_optlen(oh);
if (skb->len - ptr < hdrlen) {
/* Packet smaller than it's length field */
- return 0;
+ return false;
}
DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
@@ -123,7 +123,7 @@ match(const struct sk_buff *skb,
DEBUGP("Tbad %02X %02X\n",
*tp,
(optinfo->opts[temp] & 0xFF00) >> 8);
- return 0;
+ return false;
} else {
DEBUGP("Tok ");
}
@@ -144,7 +144,7 @@ match(const struct sk_buff *skb,
if (spec_len != 0x00FF && spec_len != *lp) {
DEBUGP("Lbad %02X %04X\n", *lp,
spec_len);
- return 0;
+ return false;
}
DEBUGP("Lok ");
optlen = *lp + 2;
@@ -167,10 +167,10 @@ match(const struct sk_buff *skb,
if (temp == optinfo->optsnr)
return ret;
else
- return 0;
+ return false;
}
- return 0;
+ return false;
}
/* Called when user tries to insert an entry of this type. */
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_hl.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_hl.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_hl.c
@@ -19,10 +19,10 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dn
MODULE_DESCRIPTION("IP tables Hop Limit matching module");
MODULE_LICENSE("GPL");
-static int match(const struct sk_buff *skb,
- const struct net_device *in, const struct net_device *out,
- const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, bool *hotdrop)
+static bool match(const struct sk_buff *skb,
+ const struct net_device *in, const struct net_device *out,
+ const struct xt_match *match, const void *matchinfo,
+ int offset, unsigned int protoff, bool *hotdrop)
{
const struct ip6t_hl_info *info = matchinfo;
const struct ipv6hdr *ip6h = ipv6_hdr(skb);
@@ -43,10 +43,10 @@ static int match(const struct sk_buff *s
default:
printk(KERN_WARNING "ip6t_hl: unknown mode %d\n",
info->mode);
- return 0;
+ return false;
}
- return 0;
+ return false;
}
static struct xt_match hl_match = {
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ipv6header.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_ipv6header.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -26,7 +26,7 @@ MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("IPv6 headers match");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
-static int
+static bool
ipv6header_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -58,7 +58,7 @@ ipv6header_match(const struct sk_buff *s
/* Is there enough space for the next ext header? */
if (len < (int)sizeof(struct ipv6_opt_hdr))
- return 0;
+ return false;
/* No more exthdr -> evaluate */
if (nexthdr == NEXTHDR_NONE) {
temp |= MASK_NONE;
@@ -99,7 +99,7 @@ ipv6header_match(const struct sk_buff *s
temp |= MASK_DSTOPTS;
break;
default:
- return 0;
+ return false;
break;
}
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_mh.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_mh.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_mh.c
@@ -31,16 +31,13 @@ MODULE_LICENSE("GPL");
#endif
/* Returns 1 if the type is matched by the range, 0 otherwise */
-static inline int
-type_match(u_int8_t min, u_int8_t max, u_int8_t type, int invert)
+static inline bool
+type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
{
- int ret;
-
- ret = (type >= min && type <= max) ^ invert;
- return ret;
+ return (type >= min && type <= max) ^ invert;
}
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -55,7 +52,7 @@ match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
- return 0;
+ return false;
mh = skb_header_pointer(skb, protoff, sizeof(_mh), &_mh);
if (mh == NULL) {
@@ -63,14 +60,14 @@ match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */
duprintf("Dropping evil MH tinygram.\n");
*hotdrop = true;
- return 0;
+ return false;
}
if (mh->ip6mh_proto != IPPROTO_NONE) {
duprintf("Dropping invalid MH Payload Proto: %u\n",
mh->ip6mh_proto);
*hotdrop = true;
- return 0;
+ return false;
}
return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type,
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_owner.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_owner.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_owner.c
@@ -23,7 +23,7 @@ MODULE_DESCRIPTION("IP6 tables owner mat
MODULE_LICENSE("GPL");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -36,21 +36,21 @@ match(const struct sk_buff *skb,
const struct ip6t_owner_info *info = matchinfo;
if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
- return 0;
+ return false;
if (info->match & IP6T_OWNER_UID) {
if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
!!(info->invert & IP6T_OWNER_UID))
- return 0;
+ return false;
}
if (info->match & IP6T_OWNER_GID) {
if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
!!(info->invert & IP6T_OWNER_GID))
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static int
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_rt.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_rt.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_rt.c
@@ -31,10 +31,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@s
#endif
/* Returns 1 if the id is matched by the range, 0 otherwise */
-static inline int
-segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
+static inline bool
+segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
{
- int r = 0;
+ bool r;
DEBUGP("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x",
invert ? '!' : ' ', min, id, max);
r = (id >= min && id <= max) ^ invert;
@@ -42,7 +42,7 @@ segsleft_match(u_int32_t min, u_int32_t
return r;
}
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -57,7 +57,7 @@ match(const struct sk_buff *skb,
unsigned int temp;
unsigned int ptr;
unsigned int hdrlen = 0;
- unsigned int ret = 0;
+ bool ret = false;
struct in6_addr *ap, _addr;
int err;
@@ -65,19 +65,19 @@ match(const struct sk_buff *skb,
if (err < 0) {
if (err != -ENOENT)
*hotdrop = true;
- return 0;
+ return false;
}
rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
if (rh == NULL) {
*hotdrop = true;
- return 0;
+ return false;
}
hdrlen = ipv6_optlen(rh);
if (skb->len - ptr < hdrlen) {
/* Pcket smaller than its length field */
- return 0;
+ return false;
}
DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen);
@@ -136,7 +136,7 @@ match(const struct sk_buff *skb,
DEBUGP("Not strict ");
if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
DEBUGP("There isn't enough space\n");
- return 0;
+ return false;
} else {
unsigned int i = 0;
@@ -164,13 +164,13 @@ match(const struct sk_buff *skb,
if (i == rtinfo->addrnr)
return ret;
else
- return 0;
+ return false;
}
} else {
DEBUGP("Strict ");
if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
DEBUGP("There isn't enough space\n");
- return 0;
+ return false;
} else {
DEBUGP("#%d ", rtinfo->addrnr);
for (temp = 0; temp < rtinfo->addrnr; temp++) {
@@ -190,11 +190,11 @@ match(const struct sk_buff *skb,
(temp == (unsigned int)((hdrlen - 8) / 16)))
return ret;
else
- return 0;
+ return false;
}
}
- return 0;
+ return false;
}
/* Called when user tries to insert an entry of this type. */
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_comment.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_comment.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_comment.c
@@ -15,7 +15,7 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_comment");
MODULE_ALIAS("ip6t_comment");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -26,7 +26,7 @@ match(const struct sk_buff *skb,
bool *hotdrop)
{
/* We always match */
- return 1;
+ return true;
}
static struct xt_match xt_comment_match[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_connbytes.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_connbytes.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_connbytes.c
@@ -15,7 +15,7 @@ MODULE_AUTHOR("Harald Welte <laforge@net
MODULE_DESCRIPTION("iptables match for matching number of pkts/bytes per connection");
MODULE_ALIAS("ipt_connbytes");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -35,7 +35,7 @@ match(const struct sk_buff *skb,
ct = nf_ct_get(skb, &ctinfo);
if (!ct)
- return 0;
+ return false;
counters = ct->counters;
switch (sinfo->what) {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_connmark.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_connmark.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_connmark.c
@@ -30,7 +30,7 @@ MODULE_DESCRIPTION("IP tables connmark m
MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_connmark");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -46,7 +46,7 @@ match(const struct sk_buff *skb,
ct = nf_ct_get(skb, &ctinfo);
if (!ct)
- return 0;
+ return false;
return (((ct->mark) & info->mask) == info->mark) ^ info->invert;
}
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_conntrack.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_conntrack.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_conntrack.c
@@ -19,7 +19,7 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.c
MODULE_DESCRIPTION("iptables connection tracking match module");
MODULE_ALIAS("ipt_conntrack");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -54,53 +54,53 @@ match(const struct sk_buff *skb,
}
if (FWINV((statebit & sinfo->statemask) == 0,
XT_CONNTRACK_STATE))
- return 0;
+ return false;
}
if (ct == NULL) {
if (sinfo->flags & ~XT_CONNTRACK_STATE)
- return 0;
- return 1;
+ return false;
+ return true;
}
if (sinfo->flags & XT_CONNTRACK_PROTO &&
FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum !=
sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum,
XT_CONNTRACK_PROTO))
- return 0;
+ return false;
if (sinfo->flags & XT_CONNTRACK_ORIGSRC &&
FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip &
sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip,
XT_CONNTRACK_ORIGSRC))
- return 0;
+ return false;
if (sinfo->flags & XT_CONNTRACK_ORIGDST &&
FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip &
sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip,
XT_CONNTRACK_ORIGDST))
- return 0;
+ return false;
if (sinfo->flags & XT_CONNTRACK_REPLSRC &&
FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip &
sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) !=
sinfo->tuple[IP_CT_DIR_REPLY].src.ip,
XT_CONNTRACK_REPLSRC))
- return 0;
+ return false;
if (sinfo->flags & XT_CONNTRACK_REPLDST &&
FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip &
sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) !=
sinfo->tuple[IP_CT_DIR_REPLY].dst.ip,
XT_CONNTRACK_REPLDST))
- return 0;
+ return false;
if (sinfo->flags & XT_CONNTRACK_STATUS &&
FWINV((ct->status & sinfo->statusmask) == 0,
XT_CONNTRACK_STATUS))
- return 0;
+ return false;
if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
unsigned long expires = timer_pending(&ct->timeout) ?
@@ -109,9 +109,9 @@ match(const struct sk_buff *skb,
if (FWINV(!(expires >= sinfo->expires_min &&
expires <= sinfo->expires_max),
XT_CONNTRACK_EXPIRES))
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static int
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_dccp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_dccp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_dccp.c
@@ -31,7 +31,7 @@ MODULE_ALIAS("ipt_dccp");
static unsigned char *dccp_optbuf;
static DEFINE_SPINLOCK(dccp_buflock);
-static inline int
+static inline bool
dccp_find_option(u_int8_t option,
const struct sk_buff *skb,
unsigned int protoff,
@@ -46,11 +46,11 @@ dccp_find_option(u_int8_t option,
if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) {
*hotdrop = true;
- return 0;
+ return false;
}
if (!optlen)
- return 0;
+ return false;
spin_lock_bh(&dccp_buflock);
op = skb_header_pointer(skb, protoff + optoff, optlen, dccp_optbuf);
@@ -58,13 +58,13 @@ dccp_find_option(u_int8_t option,
/* If we don't have the whole header, drop packet. */
spin_unlock_bh(&dccp_buflock);
*hotdrop = true;
- return 0;
+ return false;
}
for (i = 0; i < optlen; ) {
if (op[i] == option) {
spin_unlock_bh(&dccp_buflock);
- return 1;
+ return true;
}
if (op[i] < 2)
@@ -74,24 +74,24 @@ dccp_find_option(u_int8_t option,
}
spin_unlock_bh(&dccp_buflock);
- return 0;
+ return false;
}
-static inline int
+static inline bool
match_types(const struct dccp_hdr *dh, u_int16_t typemask)
{
return (typemask & (1 << dh->dccph_type));
}
-static inline int
+static inline bool
match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff,
const struct dccp_hdr *dh, bool *hotdrop)
{
return dccp_find_option(option, skb, protoff, dh, hotdrop);
}
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -105,12 +105,12 @@ match(const struct sk_buff *skb,
struct dccp_hdr _dh, *dh;
if (offset)
- return 0;
+ return false;
dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh);
if (dh == NULL) {
*hotdrop = true;
- return 0;
+ return false;
}
return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0])
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_dscp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_dscp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_dscp.c
@@ -22,22 +22,7 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_dscp");
MODULE_ALIAS("ip6t_dscp");
-static int match(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const struct xt_match *match,
- const void *matchinfo,
- int offset,
- unsigned int protoff,
- bool *hotdrop)
-{
- const struct xt_dscp_info *info = matchinfo;
- u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
-
- return (dscp == info->dscp) ^ !!info->invert;
-}
-
-static int match6(const struct sk_buff *skb,
+static bool match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct xt_match *match,
@@ -47,6 +32,21 @@ static int match6(const struct sk_buff *
bool *hotdrop)
{
const struct xt_dscp_info *info = matchinfo;
+ u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
+
+ return (dscp == info->dscp) ^ !!info->invert;
+}
+
+static bool match6(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct xt_match *match,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ bool *hotdrop)
+{
+ const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
return (dscp == info->dscp) ^ !!info->invert;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_esp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_esp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_esp.c
@@ -31,10 +31,10 @@ MODULE_ALIAS("ip6t_esp");
#endif
/* Returns 1 if the spi is matched by the range, 0 otherwise */
-static inline int
-spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
+static inline bool
+spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{
- int r = 0;
+ bool r;
duprintf("esp spi_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ',
min, spi, max);
r = (spi >= min && spi <= max) ^ invert;
@@ -42,7 +42,7 @@ spi_match(u_int32_t min, u_int32_t max,
return r;
}
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -57,7 +57,7 @@ match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
- return 0;
+ return false;
eh = skb_header_pointer(skb, protoff, sizeof(_esp), &_esp);
if (eh == NULL) {
@@ -66,7 +66,7 @@ match(const struct sk_buff *skb,
*/
duprintf("Dropping evil ESP tinygram.\n");
*hotdrop = true;
- return 0;
+ return false;
}
return spi_match(espinfo->spis[0], espinfo->spis[1], ntohl(eh->spi),
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_hashlimit.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_hashlimit.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_hashlimit.c
@@ -94,7 +94,8 @@ static DEFINE_MUTEX(hlimit_mutex); /* ad
static HLIST_HEAD(hashlimit_htables);
static struct kmem_cache *hashlimit_cachep __read_mostly;
-static inline int dst_cmp(const struct dsthash_ent *ent, struct dsthash_dst *b)
+static inline bool dst_cmp(const struct dsthash_ent *ent,
+ struct dsthash_dst *b)
{
return !memcmp(&ent->dst, b, sizeof(ent->dst));
}
@@ -227,18 +228,18 @@ static int htable_create(struct xt_hashl
return 0;
}
-static int select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he)
+static bool select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he)
{
return 1;
}
-static int select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he)
+static bool select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he)
{
return (jiffies >= he->expires);
}
static void htable_selective_cleanup(struct xt_hashlimit_htable *ht,
- int (*select)(struct xt_hashlimit_htable *ht,
+ bool (*select)(struct xt_hashlimit_htable *ht,
struct dsthash_ent *he))
{
unsigned int i;
@@ -432,7 +433,7 @@ hashlimit_init_dst(struct xt_hashlimit_h
return 0;
}
-static int
+static bool
hashlimit_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -478,17 +479,17 @@ hashlimit_match(const struct sk_buff *sk
/* We're underlimit. */
dh->rateinfo.credit -= dh->rateinfo.cost;
spin_unlock_bh(&hinfo->lock);
- return 1;
+ return true;
}
spin_unlock_bh(&hinfo->lock);
/* default case: we're overlimit, thus don't match */
- return 0;
+ return false;
hotdrop:
*hotdrop = true;
- return 0;
+ return false;
}
static int
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_helper.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_helper.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_helper.c
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip6t_helper");
#define DEBUGP(format, args...)
#endif
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -42,7 +42,7 @@ match(const struct sk_buff *skb,
struct nf_conn *ct;
struct nf_conn_help *master_help;
enum ip_conntrack_info ctinfo;
- int ret = info->invert;
+ bool ret = info->invert;
ct = nf_ct_get((struct sk_buff *)skb, &ctinfo);
if (!ct) {
@@ -67,7 +67,7 @@ match(const struct sk_buff *skb,
ct->master->helper->name, info->name);
if (info->name[0] == '\0')
- ret ^= 1;
+ ret = !ret;
else
ret ^= !strncmp(master_help->helper->name, info->name,
strlen(master_help->helper->name));
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_length.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_length.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_length.c
@@ -20,7 +20,7 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_length");
MODULE_ALIAS("ip6t_length");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -36,7 +36,7 @@ match(const struct sk_buff *skb,
return (pktlen >= info->min && pktlen <= info->max) ^ info->invert;
}
-static int
+static bool
match6(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_limit.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_limit.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_limit.c
@@ -57,7 +57,7 @@ static DEFINE_SPINLOCK(limit_lock);
#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
-static int
+static bool
ipt_limit_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -79,11 +79,11 @@ ipt_limit_match(const struct sk_buff *sk
/* We're not limited. */
r->credit -= r->cost;
spin_unlock_bh(&limit_lock);
- return 1;
+ return true;
}
spin_unlock_bh(&limit_lock);
- return 0;
+ return false;
}
/* Precision saver. */
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_mac.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_mac.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_mac.c
@@ -24,7 +24,7 @@ MODULE_DESCRIPTION("iptables mac matchin
MODULE_ALIAS("ipt_mac");
MODULE_ALIAS("ip6t_mac");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_mark.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_mark.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_mark.c
@@ -19,7 +19,7 @@ MODULE_DESCRIPTION("iptables mark matchi
MODULE_ALIAS("ipt_mark");
MODULE_ALIAS("ip6t_mark");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_multiport.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_multiport.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_multiport.c
@@ -33,24 +33,24 @@ MODULE_ALIAS("ip6t_multiport");
#endif
/* Returns 1 if the port is matched by the test, 0 otherwise. */
-static inline int
+static inline bool
ports_match(const u_int16_t *portlist, enum xt_multiport_flags flags,
u_int8_t count, u_int16_t src, u_int16_t dst)
{
unsigned int i;
for (i = 0; i < count; i++) {
if (flags != XT_MULTIPORT_DESTINATION && portlist[i] == src)
- return 1;
+ return true;
if (flags != XT_MULTIPORT_SOURCE && portlist[i] == dst)
- return 1;
+ return true;
}
- return 0;
+ return false;
}
/* Returns 1 if the port is matched by the test, 0 otherwise. */
-static inline int
+static inline bool
ports_match_v1(const struct xt_multiport_v1 *minfo,
u_int16_t src, u_int16_t dst)
{
@@ -67,34 +67,34 @@ ports_match_v1(const struct xt_multiport
if (minfo->flags == XT_MULTIPORT_SOURCE
&& src >= s && src <= e)
- return 1 ^ minfo->invert;
+ return true ^ minfo->invert;
if (minfo->flags == XT_MULTIPORT_DESTINATION
&& dst >= s && dst <= e)
- return 1 ^ minfo->invert;
+ return true ^ minfo->invert;
if (minfo->flags == XT_MULTIPORT_EITHER
&& ((dst >= s && dst <= e)
|| (src >= s && src <= e)))
- return 1 ^ minfo->invert;
+ return true ^ minfo->invert;
} else {
/* exact port matching */
duprintf("src or dst matches with %d?\n", s);
if (minfo->flags == XT_MULTIPORT_SOURCE
&& src == s)
- return 1 ^ minfo->invert;
+ return true ^ minfo->invert;
if (minfo->flags == XT_MULTIPORT_DESTINATION
&& dst == s)
- return 1 ^ minfo->invert;
+ return true ^ minfo->invert;
if (minfo->flags == XT_MULTIPORT_EITHER
&& (src == s || dst == s))
- return 1 ^ minfo->invert;
+ return true ^ minfo->invert;
}
}
return minfo->invert;
}
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -108,7 +108,7 @@ match(const struct sk_buff *skb,
const struct xt_multiport *multiinfo = matchinfo;
if (offset)
- return 0;
+ return false;
pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports);
if (pptr == NULL) {
@@ -117,7 +117,7 @@ match(const struct sk_buff *skb,
*/
duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n");
*hotdrop = true;
- return 0;
+ return false;
}
return ports_match(multiinfo->ports,
@@ -125,7 +125,7 @@ match(const struct sk_buff *skb,
ntohs(pptr[0]), ntohs(pptr[1]));
}
-static int
+static bool
match_v1(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -139,7 +139,7 @@ match_v1(const struct sk_buff *skb,
const struct xt_multiport_v1 *multiinfo = matchinfo;
if (offset)
- return 0;
+ return false;
pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports);
if (pptr == NULL) {
@@ -148,7 +148,7 @@ match_v1(const struct sk_buff *skb,
*/
duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n");
*hotdrop = true;
- return 0;
+ return false;
}
return ports_match_v1(multiinfo, ntohs(pptr[0]), ntohs(pptr[1]));
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_physdev.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_physdev.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_physdev.c
@@ -14,8 +14,6 @@
#include <linux/netfilter/xt_physdev.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_bridge.h>
-#define MATCH 1
-#define NOMATCH 0
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
@@ -23,7 +21,7 @@ MODULE_DESCRIPTION("iptables bridge phys
MODULE_ALIAS("ipt_physdev");
MODULE_ALIAS("ip6t_physdev");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -36,7 +34,7 @@ match(const struct sk_buff *skb,
int i;
static const char nulldevname[IFNAMSIZ];
const struct xt_physdev_info *info = matchinfo;
- unsigned int ret;
+ bool ret;
const char *indev, *outdev;
struct nf_bridge_info *nf_bridge;
@@ -47,33 +45,33 @@ match(const struct sk_buff *skb,
/* Return MATCH if the invert flags of the used options are on */
if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) &&
!(info->invert & XT_PHYSDEV_OP_BRIDGED))
- return NOMATCH;
+ return false;
if ((info->bitmask & XT_PHYSDEV_OP_ISIN) &&
!(info->invert & XT_PHYSDEV_OP_ISIN))
- return NOMATCH;
+ return false;
if ((info->bitmask & XT_PHYSDEV_OP_ISOUT) &&
!(info->invert & XT_PHYSDEV_OP_ISOUT))
- return NOMATCH;
+ return false;
if ((info->bitmask & XT_PHYSDEV_OP_IN) &&
!(info->invert & XT_PHYSDEV_OP_IN))
- return NOMATCH;
+ return false;
if ((info->bitmask & XT_PHYSDEV_OP_OUT) &&
!(info->invert & XT_PHYSDEV_OP_OUT))
- return NOMATCH;
- return MATCH;
+ return false;
+ return true;
}
/* This only makes sense in the FORWARD and POSTROUTING chains */
if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) &&
(!!(nf_bridge->mask & BRNF_BRIDGED) ^
!(info->invert & XT_PHYSDEV_OP_BRIDGED)))
- return NOMATCH;
+ return false;
if ((info->bitmask & XT_PHYSDEV_OP_ISIN &&
(!nf_bridge->physindev ^ !!(info->invert & XT_PHYSDEV_OP_ISIN))) ||
(info->bitmask & XT_PHYSDEV_OP_ISOUT &&
(!nf_bridge->physoutdev ^ !!(info->invert & XT_PHYSDEV_OP_ISOUT))))
- return NOMATCH;
+ return false;
if (!(info->bitmask & XT_PHYSDEV_OP_IN))
goto match_outdev;
@@ -85,11 +83,11 @@ match(const struct sk_buff *skb,
}
if ((ret == 0) ^ !(info->invert & XT_PHYSDEV_OP_IN))
- return NOMATCH;
+ return false;
match_outdev:
if (!(info->bitmask & XT_PHYSDEV_OP_OUT))
- return MATCH;
+ return true;
outdev = nf_bridge->physoutdev ?
nf_bridge->physoutdev->name : nulldevname;
for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned int); i++) {
@@ -98,7 +96,7 @@ match_outdev:
& ((const unsigned int *)info->out_mask)[i];
}
- return (ret != 0) ^ !(info->invert & XT_PHYSDEV_OP_OUT);
+ return ret ^ !(info->invert & XT_PHYSDEV_OP_OUT);
}
static int
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_pkttype.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_pkttype.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_pkttype.c
@@ -21,7 +21,7 @@ MODULE_DESCRIPTION("IP tables match to m
MODULE_ALIAS("ipt_pkttype");
MODULE_ALIAS("ip6t_pkttype");
-static int match(const struct sk_buff *skb,
+static bool match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct xt_match *match,
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_policy.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_policy.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_policy.c
@@ -20,7 +20,7 @@ MODULE_AUTHOR("Patrick McHardy <kaber@tr
MODULE_DESCRIPTION("Xtables IPsec policy matching module");
MODULE_LICENSE("GPL");
-static inline int
+static inline bool
xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m,
const union xt_policy_addr *a2, unsigned short family)
{
@@ -30,10 +30,10 @@ xt_addr_cmp(const union xt_policy_addr *
case AF_INET6:
return !ipv6_masked_addr_cmp(&a1->a6, &m->a6, &a2->a6);
}
- return 0;
+ return false;
}
-static inline int
+static inline bool
match_xfrm_state(struct xfrm_state *x, const struct xt_policy_elem *e,
unsigned short family)
{
@@ -108,14 +108,14 @@ match_policy_out(const struct sk_buff *s
return strict ? i == info->len : 0;
}
-static int match(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const struct xt_match *match,
- const void *matchinfo,
- int offset,
- unsigned int protoff,
- bool *hotdrop)
+static bool match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct xt_match *match,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ bool *hotdrop)
{
const struct xt_policy_info *info = matchinfo;
int ret;
@@ -126,9 +126,9 @@ static int match(const struct sk_buff *s
ret = match_policy_out(skb, info, match->family);
if (ret < 0)
- ret = info->flags & XT_POLICY_MATCH_NONE ? 1 : 0;
+ ret = info->flags & XT_POLICY_MATCH_NONE ? true : false;
else if (info->flags & XT_POLICY_MATCH_NONE)
- ret = 0;
+ ret = false;
return ret;
}
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_quota.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_quota.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_quota.c
@@ -16,19 +16,19 @@ MODULE_ALIAS("ip6t_quota");
static DEFINE_SPINLOCK(quota_lock);
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop)
{
struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master;
- int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0;
+ bool ret = q->flags & XT_QUOTA_INVERT;
spin_lock_bh("a_lock);
if (q->quota >= skb->len) {
q->quota -= skb->len;
- ret ^= 1;
+ ret = !ret;
} else {
/* we do not allow even small packets from now on */
q->quota = 0;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_realm.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_realm.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_realm.c
@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("X_tables realm match");
MODULE_ALIAS("ipt_realm");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_sctp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_sctp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_sctp.c
@@ -23,7 +23,7 @@ MODULE_ALIAS("ipt_sctp");
#define SCCHECK(cond, option, flag, invflag) (!((flag) & (option)) \
|| (!!((invflag) & (option)) ^ (cond)))
-static int
+static bool
match_flags(const struct xt_sctp_flag_info *flag_info,
const int flag_count,
u_int8_t chunktype,
@@ -37,10 +37,10 @@ match_flags(const struct xt_sctp_flag_in
}
}
- return 1;
+ return true;
}
-static inline int
+static inline bool
match_packet(const struct sk_buff *skb,
unsigned int offset,
const u_int32_t *chunkmap,
@@ -65,7 +65,7 @@ match_packet(const struct sk_buff *skb,
if (sch == NULL || sch->length == 0) {
duprintf("Dropping invalid SCTP packet.\n");
*hotdrop = true;
- return 0;
+ return false;
}
duprintf("Chunk num: %d\toffset: %d\ttype: %d\tlength: %d\tflags: %x\n",
@@ -80,7 +80,7 @@ match_packet(const struct sk_buff *skb,
case SCTP_CHUNK_MATCH_ANY:
if (match_flags(flag_info, flag_count,
sch->type, sch->flags)) {
- return 1;
+ return true;
}
break;
@@ -94,14 +94,14 @@ match_packet(const struct sk_buff *skb,
case SCTP_CHUNK_MATCH_ONLY:
if (!match_flags(flag_info, flag_count,
sch->type, sch->flags)) {
- return 0;
+ return false;
}
break;
}
} else {
switch (chunk_match_type) {
case SCTP_CHUNK_MATCH_ONLY:
- return 0;
+ return false;
}
}
} while (offset < skb->len);
@@ -110,16 +110,16 @@ match_packet(const struct sk_buff *skb,
case SCTP_CHUNK_MATCH_ALL:
return SCTP_CHUNKMAP_IS_CLEAR(chunkmap);
case SCTP_CHUNK_MATCH_ANY:
- return 0;
+ return false;
case SCTP_CHUNK_MATCH_ONLY:
- return 1;
+ return true;
}
/* This will never be reached, but required to stop compiler whine */
- return 0;
+ return false;
}
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -134,14 +134,14 @@ match(const struct sk_buff *skb,
if (offset) {
duprintf("Dropping non-first fragment.. FIXME\n");
- return 0;
+ return false;
}
sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh);
if (sh == NULL) {
duprintf("Dropping evil TCP offset=0 tinygram.\n");
*hotdrop = true;
- return 0;
+ return false;
}
duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest));
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_state.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_state.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_state.c
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("ip[6]_tables connect
MODULE_ALIAS("ipt_state");
MODULE_ALIAS("ip6t_state");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_statistic.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_statistic.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_statistic.c
@@ -24,26 +24,26 @@ MODULE_ALIAS("ip6t_statistic");
static DEFINE_SPINLOCK(nth_lock);
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop)
{
struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo;
- int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0;
+ bool ret = info->flags & XT_STATISTIC_INVERT;
switch (info->mode) {
case XT_STATISTIC_MODE_RANDOM:
if ((net_random() & 0x7FFFFFFF) < info->u.random.probability)
- ret ^= 1;
+ ret = !ret;
break;
case XT_STATISTIC_MODE_NTH:
info = info->master;
spin_lock_bh(&nth_lock);
if (info->u.nth.count++ == info->u.nth.every) {
info->u.nth.count = 0;
- ret ^= 1;
+ ret = !ret;
}
spin_unlock_bh(&nth_lock);
break;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_string.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_string.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_string.c
@@ -21,14 +21,14 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_string");
MODULE_ALIAS("ip6t_string");
-static int match(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const struct xt_match *match,
- const void *matchinfo,
- int offset,
- unsigned int protoff,
- bool *hotdrop)
+static bool match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct xt_match *match,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ bool *hotdrop)
{
const struct xt_string_info *conf = matchinfo;
struct ts_state state;
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_tcpmss.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_tcpmss.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_tcpmss.c
@@ -23,7 +23,7 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.c
MODULE_DESCRIPTION("iptables TCP MSS match module");
MODULE_ALIAS("ipt_tcpmss");
-static int
+static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -78,7 +78,7 @@ out:
dropit:
*hotdrop = true;
- return 0;
+ return false;
}
static struct xt_match xt_tcpmss_match[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_tcpudp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_tcpudp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_tcpudp.c
@@ -27,21 +27,18 @@ MODULE_ALIAS("ip6t_tcp");
/* Returns 1 if the port is matched by the range, 0 otherwise */
-static inline int
-port_match(u_int16_t min, u_int16_t max, u_int16_t port, int invert)
+static inline bool
+port_match(u_int16_t min, u_int16_t max, u_int16_t port, bool invert)
{
- int ret;
-
- ret = (port >= min && port <= max) ^ invert;
- return ret;
+ return (port >= min && port <= max) ^ invert;
}
-static int
+static bool
tcp_find_option(u_int8_t option,
const struct sk_buff *skb,
unsigned int protoff,
unsigned int optlen,
- int invert,
+ bool invert,
bool *hotdrop)
{
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
@@ -58,7 +55,7 @@ tcp_find_option(u_int8_t option,
optlen, _opt);
if (op == NULL) {
*hotdrop = true;
- return 0;
+ return false;
}
for (i = 0; i < optlen; ) {
@@ -70,7 +67,7 @@ tcp_find_option(u_int8_t option,
return invert;
}
-static int
+static bool
tcp_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -95,7 +92,7 @@ tcp_match(const struct sk_buff *skb,
*hotdrop = true;
}
/* Must not be a fragment. */
- return 0;
+ return false;
}
#define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg))
@@ -106,33 +103,33 @@ tcp_match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */
duprintf("Dropping evil TCP offset=0 tinygram.\n");
*hotdrop = true;
- return 0;
+ return false;
}
if (!port_match(tcpinfo->spts[0], tcpinfo->spts[1],
ntohs(th->source),
!!(tcpinfo->invflags & XT_TCP_INV_SRCPT)))
- return 0;
+ return false;
if (!port_match(tcpinfo->dpts[0], tcpinfo->dpts[1],
ntohs(th->dest),
!!(tcpinfo->invflags & XT_TCP_INV_DSTPT)))
- return 0;
+ return false;
if (!FWINVTCP((((unsigned char *)th)[13] & tcpinfo->flg_mask)
== tcpinfo->flg_cmp,
XT_TCP_INV_FLAGS))
- return 0;
+ return false;
if (tcpinfo->option) {
if (th->doff * 4 < sizeof(_tcph)) {
*hotdrop = true;
- return 0;
+ return false;
}
if (!tcp_find_option(tcpinfo->option, skb, protoff,
th->doff*4 - sizeof(_tcph),
tcpinfo->invflags & XT_TCP_INV_OPTION,
hotdrop))
- return 0;
+ return false;
}
- return 1;
+ return true;
}
/* Called when user tries to insert an entry of this type. */
@@ -149,7 +146,7 @@ tcp_checkentry(const char *tablename,
return !(tcpinfo->invflags & ~XT_TCP_INV_MASK);
}
-static int
+static bool
udp_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -164,7 +161,7 @@ udp_match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
- return 0;
+ return false;
uh = skb_header_pointer(skb, protoff, sizeof(_udph), &_udph);
if (uh == NULL) {
@@ -172,7 +169,7 @@ udp_match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */
duprintf("Dropping evil UDP tinygram.\n");
*hotdrop = true;
- return 0;
+ return false;
}
return port_match(udpinfo->spts[0], udpinfo->spts[1],
^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 3/4] Switch xt_match->checkentry to bool
2007-06-04 15:09 [PATCH 0/4] Use bools for xt_match and xt_target Jan Engelhardt
2007-06-04 15:10 ` [PATCH 1/4] Switch hotdrop to bool Jan Engelhardt
2007-06-04 15:10 ` [PATCH 2/4] Switch xt_match->match " Jan Engelhardt
@ 2007-06-04 15:11 ` Jan Engelhardt
2007-06-04 15:21 ` Patrick McHardy
2007-06-04 15:11 ` [PATCH 4/4] Switch xt_target->checkentry " Jan Engelhardt
2007-06-04 15:29 ` [PATCH 5/4] Use bools for xt_match Jan Engelhardt
4 siblings, 1 reply; 17+ messages in thread
From: Jan Engelhardt @ 2007-06-04 15:11 UTC (permalink / raw)
To: kaber; +Cc: Netfilter Developer Mailing List
Switch the return type of match functions to boolean
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
---
include/linux/netfilter/x_tables.h | 10 +++++-----
net/ipv4/netfilter/ip_tables.c | 10 +++++-----
net/ipv4/netfilter/ipt_ah.c | 6 +++---
net/ipv4/netfilter/ipt_ecn.c | 14 +++++++-------
net/ipv4/netfilter/ipt_owner.c | 6 +++---
net/ipv4/netfilter/ipt_recent.c | 14 +++++++-------
net/ipv6/netfilter/ip6_tables.c | 14 +++++++-------
net/ipv6/netfilter/ip6t_ah.c | 6 +++---
net/ipv6/netfilter/ip6t_frag.c | 6 +++---
net/ipv6/netfilter/ip6t_hbh.c | 6 +++---
net/ipv6/netfilter/ip6t_ipv6header.c | 6 +++---
net/ipv6/netfilter/ip6t_mh.c | 2 +-
net/ipv6/netfilter/ip6t_owner.c | 6 +++---
net/ipv6/netfilter/ip6t_rt.c | 8 ++++----
net/netfilter/xt_connbytes.c | 18 +++++++++---------
net/netfilter/xt_connmark.c | 8 ++++----
net/netfilter/xt_conntrack.c | 6 +++---
net/netfilter/xt_dccp.c | 2 +-
net/netfilter/xt_dscp.c | 14 +++++++-------
net/netfilter/xt_esp.c | 6 +++---
net/netfilter/xt_hashlimit.c | 16 ++++++++--------
net/netfilter/xt_helper.c | 14 +++++++-------
net/netfilter/xt_limit.c | 6 +++---
net/netfilter/xt_mark.c | 6 +++---
net/netfilter/xt_multiport.c | 10 +++++-----
net/netfilter/xt_physdev.c | 8 ++++----
net/netfilter/xt_policy.c | 16 ++++++++--------
net/netfilter/xt_quota.c | 6 +++---
net/netfilter/xt_sctp.c | 2 +-
net/netfilter/xt_state.c | 14 +++++++-------
net/netfilter/xt_statistic.c | 6 +++---
net/netfilter/xt_string.c | 20 ++++++++++----------
net/netfilter/xt_tcpudp.c | 4 ++--
33 files changed, 148 insertions(+), 148 deletions(-)
Index: linux-2.6.22-rc3-git6/include/linux/netfilter/x_tables.h
===================================================================
--- linux-2.6.22-rc3-git6.orig/include/linux/netfilter/x_tables.h
+++ linux-2.6.22-rc3-git6/include/linux/netfilter/x_tables.h
@@ -152,11 +152,11 @@ struct xt_match
/* Called when user tries to insert an entry of this type. */
/* Should return true or false. */
- int (*checkentry)(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask);
+ bool (*checkentry)(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(const struct xt_match *match, void *matchinfo);
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ip_tables.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ip_tables.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ip_tables.c
@@ -152,20 +152,20 @@ ip_packet_match(const struct iphdr *ip,
return 1;
}
-static inline int
+static inline bool
ip_checkentry(const struct ipt_ip *ip)
{
if (ip->flags & ~IPT_F_MASK) {
duprintf("Unknown flag bits set: %08X\n",
ip->flags & ~IPT_F_MASK);
- return 0;
+ return false;
}
if (ip->invflags & ~IPT_INV_MASK) {
duprintf("Unknown invflag bits set: %08X\n",
ip->invflags & ~IPT_INV_MASK);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static unsigned int
@@ -2104,7 +2104,7 @@ icmp_match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
icmp_checkentry(const char *tablename,
const void *info,
const struct xt_match *match,
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ah.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_ah.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ah.c
@@ -70,7 +70,7 @@ match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
checkentry(const char *tablename,
const void *ip_void,
const struct xt_match *match,
@@ -82,9 +82,9 @@ checkentry(const char *tablename,
/* Must specify no unknown invflags */
if (ahinfo->invflags & ~IPT_AH_INV_MASK) {
duprintf("ipt_ah: unknown flags %X\n", ahinfo->invflags);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match ah_match = {
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ecn.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_ecn.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ecn.c
@@ -87,27 +87,27 @@ static bool match(const struct sk_buff *
return true;
}
-static int checkentry(const char *tablename, const void *ip_void,
- const struct xt_match *match,
- void *matchinfo, unsigned int hook_mask)
+static bool checkentry(const char *tablename, const void *ip_void,
+ const struct xt_match *match,
+ void *matchinfo, unsigned int hook_mask)
{
const struct ipt_ecn_info *info = matchinfo;
const struct ipt_ip *ip = ip_void;
if (info->operation & IPT_ECN_OP_MATCH_MASK)
- return 0;
+ return false;
if (info->invert & IPT_ECN_OP_MATCH_MASK)
- return 0;
+ return false;
if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)
&& ip->proto != IPPROTO_TCP) {
printk(KERN_WARNING "ipt_ecn: can't match TCP bits in rule for"
" non-tcp packets\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match ecn_match = {
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_owner.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_owner.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_owner.c
@@ -51,7 +51,7 @@ match(const struct sk_buff *skb,
return true;
}
-static int
+static bool
checkentry(const char *tablename,
const void *ip,
const struct xt_match *match,
@@ -63,9 +63,9 @@ checkentry(const char *tablename,
if (info->match & (IPT_OWNER_PID|IPT_OWNER_SID|IPT_OWNER_COMM)) {
printk("ipt_owner: pid, sid and command matching "
"not supported anymore\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match owner_match = {
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_recent.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_recent.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_recent.c
@@ -235,7 +235,7 @@ out:
return ret;
}
-static int
+static bool
ipt_recent_checkentry(const char *tablename, const void *ip,
const struct xt_match *match, void *matchinfo,
unsigned int hook_mask)
@@ -243,24 +243,24 @@ ipt_recent_checkentry(const char *tablen
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
unsigned i;
- int ret = 0;
+ bool ret = false;
if (hweight8(info->check_set &
(IPT_RECENT_SET | IPT_RECENT_REMOVE |
IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) != 1)
- return 0;
+ return false;
if ((info->check_set & (IPT_RECENT_SET | IPT_RECENT_REMOVE)) &&
(info->seconds || info->hit_count))
- return 0;
+ return false;
if (info->name[0] == '\0' ||
strnlen(info->name, IPT_RECENT_NAME_LEN) == IPT_RECENT_NAME_LEN)
- return 0;
+ return false;
mutex_lock(&recent_mutex);
t = recent_table_lookup(info->name);
if (t != NULL) {
t->refcnt++;
- ret = 1;
+ ret = true;
goto out;
}
@@ -287,7 +287,7 @@ ipt_recent_checkentry(const char *tablen
spin_lock_bh(&recent_lock);
list_add_tail(&t->list, &tables);
spin_unlock_bh(&recent_lock);
- ret = 1;
+ ret = true;
out:
mutex_unlock(&recent_mutex);
return ret;
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6_tables.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6_tables.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6_tables.c
@@ -188,20 +188,20 @@ ip6_packet_match(const struct sk_buff *s
}
/* should be ip6 safe */
-static inline int
+static inline bool
ip6_checkentry(const struct ip6t_ip6 *ipv6)
{
if (ipv6->flags & ~IP6T_F_MASK) {
duprintf("Unknown flag bits set: %08X\n",
ipv6->flags & ~IP6T_F_MASK);
- return 0;
+ return false;
}
if (ipv6->invflags & ~IP6T_INV_MASK) {
duprintf("Unknown invflag bits set: %08X\n",
ipv6->invflags & ~IP6T_INV_MASK);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static unsigned int
@@ -1282,10 +1282,10 @@ void ip6t_unregister_table(struct xt_tab
}
/* Returns 1 if the type and code is matched by the range, 0 otherwise */
-static inline int
+static inline bool
icmp6_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
u_int8_t type, u_int8_t code,
- int invert)
+ bool invert)
{
return (type == test_type && code >= min_code && code <= max_code)
^ invert;
@@ -1325,7 +1325,7 @@ icmp6_match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
icmp6_checkentry(const char *tablename,
const void *entry,
const struct xt_match *match,
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ah.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_ah.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ah.c
@@ -103,7 +103,7 @@ match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
checkentry(const char *tablename,
const void *entry,
const struct xt_match *match,
@@ -114,9 +114,9 @@ checkentry(const char *tablename,
if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
DEBUGP("ip6t_ah: unknown flags %X\n", ahinfo->invflags);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match ah_match = {
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_frag.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_frag.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_frag.c
@@ -120,7 +120,7 @@ match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
checkentry(const char *tablename,
const void *ip,
const struct xt_match *match,
@@ -131,9 +131,9 @@ checkentry(const char *tablename,
if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
DEBUGP("ip6t_frag: unknown flags %X\n", fraginfo->invflags);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match frag_match = {
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_hbh.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_hbh.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_hbh.c
@@ -174,7 +174,7 @@ match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
checkentry(const char *tablename,
const void *entry,
const struct xt_match *match,
@@ -185,9 +185,9 @@ checkentry(const char *tablename,
if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match opts_match[] = {
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ipv6header.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_ipv6header.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -124,7 +124,7 @@ ipv6header_match(const struct sk_buff *s
}
}
-static int
+static bool
ipv6header_checkentry(const char *tablename,
const void *ip,
const struct xt_match *match,
@@ -136,9 +136,9 @@ ipv6header_checkentry(const char *tablen
/* invflags is 0 or 0xff in hard mode */
if ((!info->modeflag) && info->invflags != 0x00 &&
info->invflags != 0xFF)
- return 0;
+ return false;
- return 1;
+ return true;
}
static struct xt_match ip6t_ipv6header_match = {
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_mh.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_mh.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_mh.c
@@ -75,7 +75,7 @@ match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
mh_checkentry(const char *tablename,
const void *entry,
const struct xt_match *match,
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_owner.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_owner.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_owner.c
@@ -53,7 +53,7 @@ match(const struct sk_buff *skb,
return true;
}
-static int
+static bool
checkentry(const char *tablename,
const void *ip,
const struct xt_match *match,
@@ -65,9 +65,9 @@ checkentry(const char *tablename,
if (info->match & (IP6T_OWNER_PID | IP6T_OWNER_SID)) {
printk("ipt_owner: pid and sid matching "
"not supported anymore\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match owner_match = {
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_rt.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_rt.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_rt.c
@@ -198,7 +198,7 @@ match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
checkentry(const char *tablename,
const void *entry,
const struct xt_match *match,
@@ -209,17 +209,17 @@ checkentry(const char *tablename,
if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
DEBUGP("ip6t_rt: unknown flags %X\n", rtinfo->invflags);
- return 0;
+ return false;
}
if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) &&
(!(rtinfo->flags & IP6T_RT_TYP) ||
(rtinfo->rt_type != 0) ||
(rtinfo->invflags & IP6T_RT_INV_TYP))) {
DEBUGP("`--rt-type 0' required before `--rt-0-*'");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match rt_match = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_connbytes.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_connbytes.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_connbytes.c
@@ -95,31 +95,31 @@ match(const struct sk_buff *skb,
return (what >= sinfo->count.from);
}
-static int check(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static bool check(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
{
const struct xt_connbytes_info *sinfo = matchinfo;
if (sinfo->what != XT_CONNBYTES_PKTS &&
sinfo->what != XT_CONNBYTES_BYTES &&
sinfo->what != XT_CONNBYTES_AVGPKT)
- return 0;
+ return false;
if (sinfo->direction != XT_CONNBYTES_DIR_ORIGINAL &&
sinfo->direction != XT_CONNBYTES_DIR_REPLY &&
sinfo->direction != XT_CONNBYTES_DIR_BOTH)
- return 0;
+ return false;
if (nf_ct_l3proto_try_module_get(match->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", match->family);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static void
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_connmark.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_connmark.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_connmark.c
@@ -51,7 +51,7 @@ match(const struct sk_buff *skb,
return (((ct->mark) & info->mask) == info->mark) ^ info->invert;
}
-static int
+static bool
checkentry(const char *tablename,
const void *ip,
const struct xt_match *match,
@@ -62,14 +62,14 @@ checkentry(const char *tablename,
if (cm->mark > 0xffffffff || cm->mask > 0xffffffff) {
printk(KERN_WARNING "connmark: only support 32bit mark\n");
- return 0;
+ return false;
}
if (nf_ct_l3proto_try_module_get(match->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", match->family);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static void
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_conntrack.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_conntrack.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_conntrack.c
@@ -114,7 +114,7 @@ match(const struct sk_buff *skb,
return true;
}
-static int
+static bool
checkentry(const char *tablename,
const void *ip,
const struct xt_match *match,
@@ -124,9 +124,9 @@ checkentry(const char *tablename,
if (nf_ct_l3proto_try_module_get(match->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", match->family);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static void destroy(const struct xt_match *match, void *matchinfo)
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_dccp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_dccp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_dccp.c
@@ -126,7 +126,7 @@ match(const struct sk_buff *skb,
XT_DCCP_OPTION, info->flags, info->invflags);
}
-static int
+static bool
checkentry(const char *tablename,
const void *inf,
const struct xt_match *match,
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_dscp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_dscp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_dscp.c
@@ -52,20 +52,20 @@ static bool match6(const struct sk_buff
return (dscp == info->dscp) ^ !!info->invert;
}
-static int checkentry(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static bool checkentry(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
{
const u_int8_t dscp = ((struct xt_dscp_info *)matchinfo)->dscp;
if (dscp > XT_DSCP_MAX) {
printk(KERN_ERR "xt_dscp: dscp %x out of range\n", dscp);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match xt_dscp_match[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_esp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_esp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_esp.c
@@ -74,7 +74,7 @@ match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
checkentry(const char *tablename,
const void *ip_void,
const struct xt_match *match,
@@ -85,10 +85,10 @@ checkentry(const char *tablename,
if (espinfo->invflags & ~XT_ESP_INV_MASK) {
duprintf("xt_esp: unknown flags %X\n", espinfo->invflags);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match xt_esp_match[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_hashlimit.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_hashlimit.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_hashlimit.c
@@ -492,7 +492,7 @@ hotdrop:
return false;
}
-static int
+static bool
hashlimit_checkentry(const char *tablename,
const void *inf,
const struct xt_match *match,
@@ -506,20 +506,20 @@ hashlimit_checkentry(const char *tablena
user2credits(r->cfg.avg * r->cfg.burst) < user2credits(r->cfg.avg)) {
printk(KERN_ERR "xt_hashlimit: overflow, try lower: %u/%u\n",
r->cfg.avg, r->cfg.burst);
- return 0;
+ return false;
}
if (r->cfg.mode == 0 ||
r->cfg.mode > (XT_HASHLIMIT_HASH_DPT |
XT_HASHLIMIT_HASH_DIP |
XT_HASHLIMIT_HASH_SIP |
XT_HASHLIMIT_HASH_SPT))
- return 0;
+ return false;
if (!r->cfg.gc_interval)
- return 0;
+ return false;
if (!r->cfg.expire)
- return 0;
+ return false;
if (r->name[sizeof(r->name) - 1] != '\0')
- return 0;
+ return false;
/* This is the best we've got: We cannot release and re-grab lock,
* since checkentry() is called before x_tables.c grabs xt_mutex.
@@ -531,13 +531,13 @@ hashlimit_checkentry(const char *tablena
r->hinfo = htable_find_get(r->name, match->family);
if (!r->hinfo && htable_create(r, match->family) != 0) {
mutex_unlock(&hlimit_mutex);
- return 0;
+ return false;
}
mutex_unlock(&hlimit_mutex);
/* Ugly hack: For SMP, we only want to use one set */
r->u.master = r;
- return 1;
+ return true;
}
static void
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_helper.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_helper.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_helper.c
@@ -76,21 +76,21 @@ out_unlock:
return ret;
}
-static int check(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static bool check(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
{
struct xt_helper_info *info = matchinfo;
if (nf_ct_l3proto_try_module_get(match->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", match->family);
- return 0;
+ return false;
}
info->name[29] = '\0';
- return 1;
+ return true;
}
static void
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_limit.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_limit.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_limit.c
@@ -98,7 +98,7 @@ user2credits(u_int32_t user)
return (user * HZ * CREDITS_PER_JIFFY) / XT_LIMIT_SCALE;
}
-static int
+static bool
ipt_limit_checkentry(const char *tablename,
const void *inf,
const struct xt_match *match,
@@ -112,7 +112,7 @@ ipt_limit_checkentry(const char *tablena
|| user2credits(r->avg * r->burst) < user2credits(r->avg)) {
printk("Overflow in xt_limit, try lower: %u/%u\n",
r->avg, r->burst);
- return 0;
+ return false;
}
/* For SMP, we only want to use one set of counters. */
@@ -125,7 +125,7 @@ ipt_limit_checkentry(const char *tablena
r->credit_cap = user2credits(r->avg * r->burst); /* Credits full. */
r->cost = user2credits(r->avg);
}
- return 1;
+ return true;
}
#ifdef CONFIG_COMPAT
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_mark.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_mark.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_mark.c
@@ -34,7 +34,7 @@ match(const struct sk_buff *skb,
return ((skb->mark & info->mask) == info->mark) ^ info->invert;
}
-static int
+static bool
checkentry(const char *tablename,
const void *entry,
const struct xt_match *match,
@@ -45,9 +45,9 @@ checkentry(const char *tablename,
if (minfo->mark > 0xffffffff || minfo->mask > 0xffffffff) {
printk(KERN_WARNING "mark: only supports 32bit mark\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
#ifdef CONFIG_COMPAT
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_multiport.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_multiport.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_multiport.c
@@ -154,7 +154,7 @@ match_v1(const struct sk_buff *skb,
return ports_match_v1(multiinfo, ntohs(pptr[0]), ntohs(pptr[1]));
}
-static inline int
+static inline bool
check(u_int16_t proto,
u_int8_t ip_invflags,
u_int8_t match_flags,
@@ -172,7 +172,7 @@ check(u_int16_t proto,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
checkentry(const char *tablename,
const void *info,
const struct xt_match *match,
@@ -186,7 +186,7 @@ checkentry(const char *tablename,
multiinfo->count);
}
-static int
+static bool
checkentry_v1(const char *tablename,
const void *info,
const struct xt_match *match,
@@ -200,7 +200,7 @@ checkentry_v1(const char *tablename,
multiinfo->count);
}
-static int
+static bool
checkentry6(const char *tablename,
const void *info,
const struct xt_match *match,
@@ -214,7 +214,7 @@ checkentry6(const char *tablename,
multiinfo->count);
}
-static int
+static bool
checkentry6_v1(const char *tablename,
const void *info,
const struct xt_match *match,
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_physdev.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_physdev.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_physdev.c
@@ -99,7 +99,7 @@ match_outdev:
return ret ^ !(info->invert & XT_PHYSDEV_OP_OUT);
}
-static int
+static bool
checkentry(const char *tablename,
const void *ip,
const struct xt_match *match,
@@ -110,7 +110,7 @@ checkentry(const char *tablename,
if (!(info->bitmask & XT_PHYSDEV_OP_MASK) ||
info->bitmask & ~XT_PHYSDEV_OP_MASK)
- return 0;
+ return false;
if (info->bitmask & XT_PHYSDEV_OP_OUT &&
(!(info->bitmask & XT_PHYSDEV_OP_BRIDGED) ||
info->invert & XT_PHYSDEV_OP_BRIDGED) &&
@@ -120,9 +120,9 @@ checkentry(const char *tablename,
"OUTPUT, FORWARD and POSTROUTING chains for non-bridged "
"traffic is not supported anymore.\n");
if (hook_mask & (1 << NF_IP_LOCAL_OUT))
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match xt_physdev_match[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_policy.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_policy.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_policy.c
@@ -133,35 +133,35 @@ static bool match(const struct sk_buff *
return ret;
}
-static int checkentry(const char *tablename, const void *ip_void,
- const struct xt_match *match,
- void *matchinfo, unsigned int hook_mask)
+static bool checkentry(const char *tablename, const void *ip_void,
+ const struct xt_match *match,
+ void *matchinfo, unsigned int hook_mask)
{
struct xt_policy_info *info = matchinfo;
if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) {
printk(KERN_ERR "xt_policy: neither incoming nor "
"outgoing policy selected\n");
- return 0;
+ return false;
}
/* hook values are equal for IPv4 and IPv6 */
if (hook_mask & (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_LOCAL_IN)
&& info->flags & XT_POLICY_MATCH_OUT) {
printk(KERN_ERR "xt_policy: output policy not valid in "
"PRE_ROUTING and INPUT\n");
- return 0;
+ return false;
}
if (hook_mask & (1 << NF_IP_POST_ROUTING | 1 << NF_IP_LOCAL_OUT)
&& info->flags & XT_POLICY_MATCH_IN) {
printk(KERN_ERR "xt_policy: input policy not valid in "
"POST_ROUTING and OUTPUT\n");
- return 0;
+ return false;
}
if (info->len > XT_POLICY_MAX_ELEM) {
printk(KERN_ERR "xt_policy: too many policy elements\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_match xt_policy_match[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_quota.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_quota.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_quota.c
@@ -38,7 +38,7 @@ match(const struct sk_buff *skb,
return ret;
}
-static int
+static bool
checkentry(const char *tablename, const void *entry,
const struct xt_match *match, void *matchinfo,
unsigned int hook_mask)
@@ -46,10 +46,10 @@ checkentry(const char *tablename, const
struct xt_quota_info *q = (struct xt_quota_info *)matchinfo;
if (q->flags & ~XT_QUOTA_MASK)
- return 0;
+ return false;
/* For SMP, we only want to use one set of counters. */
q->master = q;
- return 1;
+ return true;
}
static struct xt_match xt_quota_match[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_sctp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_sctp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_sctp.c
@@ -158,7 +158,7 @@ match(const struct sk_buff *skb,
XT_SCTP_CHUNK_TYPES, info->flags, info->invflags);
}
-static int
+static bool
checkentry(const char *tablename,
const void *inf,
const struct xt_match *match,
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_state.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_state.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_state.c
@@ -44,18 +44,18 @@ match(const struct sk_buff *skb,
return (sinfo->statemask & statebit);
}
-static int check(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static bool check(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
{
if (nf_ct_l3proto_try_module_get(match->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", match->family);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static void
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_statistic.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_statistic.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_statistic.c
@@ -52,7 +52,7 @@ match(const struct sk_buff *skb,
return ret;
}
-static int
+static bool
checkentry(const char *tablename, const void *entry,
const struct xt_match *match, void *matchinfo,
unsigned int hook_mask)
@@ -61,9 +61,9 @@ checkentry(const char *tablename, const
if (info->mode > XT_STATISTIC_MODE_MAX ||
info->flags & ~XT_STATISTIC_MASK)
- return 0;
+ return false;
info->master = info;
- return 1;
+ return true;
}
static struct xt_match xt_statistic_match[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_string.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_string.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_string.c
@@ -42,30 +42,30 @@ static bool match(const struct sk_buff *
#define STRING_TEXT_PRIV(m) ((struct xt_string_info *) m)
-static int checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static bool checkentry(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
{
struct xt_string_info *conf = matchinfo;
struct ts_config *ts_conf;
/* Damn, can't handle this case properly with iptables... */
if (conf->from_offset > conf->to_offset)
- return 0;
+ return false;
if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
- return 0;
+ return false;
if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
- return 0;
+ return false;
ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
GFP_KERNEL, TS_AUTOLOAD);
if (IS_ERR(ts_conf))
- return 0;
+ return false;
conf->config = ts_conf;
- return 1;
+ return true;
}
static void destroy(const struct xt_match *match, void *matchinfo)
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_tcpudp.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_tcpudp.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_tcpudp.c
@@ -133,7 +133,7 @@ tcp_match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
tcp_checkentry(const char *tablename,
const void *info,
const struct xt_match *match,
@@ -181,7 +181,7 @@ udp_match(const struct sk_buff *skb,
}
/* Called when user tries to insert an entry of this type. */
-static int
+static bool
udp_checkentry(const char *tablename,
const void *info,
const struct xt_match *match,
^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 4/4] Switch xt_target->checkentry to bool
2007-06-04 15:09 [PATCH 0/4] Use bools for xt_match and xt_target Jan Engelhardt
` (2 preceding siblings ...)
2007-06-04 15:11 ` [PATCH 3/4] Switch xt_match->checkentry " Jan Engelhardt
@ 2007-06-04 15:11 ` Jan Engelhardt
2007-06-04 15:25 ` Patrick McHardy
2007-06-04 15:29 ` [PATCH 5/4] Use bools for xt_match Jan Engelhardt
4 siblings, 1 reply; 17+ messages in thread
From: Jan Engelhardt @ 2007-06-04 15:11 UTC (permalink / raw)
To: kaber; +Cc: Netfilter Developer Mailing List
Switch the return type of target functions to boolean.
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
---
include/linux/netfilter/x_tables.h | 10 +++++-----
net/ipv4/netfilter/arpt_mangle.c | 8 ++++----
net/ipv4/netfilter/ipt_CLUSTERIP.c | 28 ++++++++++++++--------------
net/ipv4/netfilter/ipt_ECN.c | 30 +++++++++++++++---------------
net/ipv4/netfilter/ipt_LOG.c | 16 ++++++++--------
net/ipv4/netfilter/ipt_MASQUERADE.c | 8 ++++----
net/ipv4/netfilter/ipt_NETMAP.c | 8 ++++----
net/ipv4/netfilter/ipt_REDIRECT.c | 8 ++++----
net/ipv4/netfilter/ipt_REJECT.c | 16 ++++++++--------
net/ipv4/netfilter/ipt_SAME.c | 14 +++++++-------
net/ipv4/netfilter/ipt_TOS.c | 6 +++---
net/ipv4/netfilter/ipt_TTL.c | 8 ++++----
net/ipv4/netfilter/ipt_ULOG.c | 16 ++++++++--------
net/ipv4/netfilter/nf_nat_rule.c | 28 ++++++++++++++--------------
net/ipv6/netfilter/ip6t_HL.c | 8 ++++----
net/ipv6/netfilter/ip6t_LOG.c | 16 ++++++++--------
net/ipv6/netfilter/ip6t_REJECT.c | 16 ++++++++--------
net/netfilter/xt_CONNMARK.c | 10 +++++-----
net/netfilter/xt_CONNSECMARK.c | 12 ++++++------
net/netfilter/xt_DSCP.c | 14 +++++++-------
net/netfilter/xt_MARK.c | 14 +++++++-------
net/netfilter/xt_NFLOG.c | 8 ++++----
net/netfilter/xt_SECMARK.c | 24 ++++++++++++------------
net/netfilter/xt_TCPMSS.c | 22 +++++++++++-----------
24 files changed, 174 insertions(+), 174 deletions(-)
Index: linux-2.6.22-rc3-git6/include/linux/netfilter/x_tables.h
===================================================================
--- linux-2.6.22-rc3-git6.orig/include/linux/netfilter/x_tables.h
+++ linux-2.6.22-rc3-git6/include/linux/netfilter/x_tables.h
@@ -202,11 +202,11 @@ struct xt_target
hook_mask is a bitmask of hooks from which it can be
called. */
/* Should return true or false. */
- int (*checkentry)(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask);
+ bool (*checkentry)(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(const struct xt_target *target, void *targinfo);
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/arpt_mangle.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/arpt_mangle.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/arpt_mangle.c
@@ -65,7 +65,7 @@ target(struct sk_buff **pskb,
return mangle->target;
}
-static int
+static bool
checkentry(const char *tablename, const void *e, const struct xt_target *target,
void *targinfo, unsigned int hook_mask)
{
@@ -73,12 +73,12 @@ checkentry(const char *tablename, const
if (mangle->flags & ~ARPT_MANGLE_MASK ||
!(mangle->flags & ARPT_MANGLE_MASK))
- return 0;
+ return false;
if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
mangle->target != ARPT_CONTINUE)
- return 0;
- return 1;
+ return false;
+ return true;
}
static struct arpt_target arpt_mangle_reg = {
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_CLUSTERIP.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -220,17 +220,17 @@ clusterip_add_node(struct clusterip_conf
return 0;
}
-static int
+static bool
clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum)
{
if (nodenum == 0 ||
nodenum > c->num_total_nodes)
- return 1;
+ return true;
if (test_and_clear_bit(nodenum - 1, &c->local_nodes))
- return 0;
+ return false;
- return 1;
+ return true;
}
#endif
@@ -370,7 +370,7 @@ target(struct sk_buff **pskb,
return XT_CONTINUE;
}
-static int
+static bool
checkentry(const char *tablename,
const void *e_void,
const struct xt_target *target,
@@ -387,13 +387,13 @@ checkentry(const char *tablename,
cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) {
printk(KERN_WARNING "CLUSTERIP: unknown mode `%u'\n",
cipinfo->hash_mode);
- return 0;
+ return false;
}
if (e->ip.dmsk.s_addr != htonl(0xffffffff)
|| e->ip.dst.s_addr == 0) {
printk(KERN_ERR "CLUSTERIP: Please specify destination IP\n");
- return 0;
+ return false;
}
/* FIXME: further sanity checks */
@@ -407,7 +407,7 @@ checkentry(const char *tablename,
if (cipinfo->config != config) {
printk(KERN_ERR "CLUSTERIP: Reloaded entry "
"has invalid config pointer!\n");
- return 0;
+ return false;
}
} else {
/* Case B: This is a new rule referring to an existing
@@ -418,19 +418,19 @@ checkentry(const char *tablename,
/* Case C: This is a completely new clusterip config */
if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr));
- return 0;
+ return false;
} else {
struct net_device *dev;
if (e->ip.iniface[0] == '\0') {
printk(KERN_WARNING "CLUSTERIP: Please specify an interface name\n");
- return 0;
+ return false;
}
dev = dev_get_by_name(e->ip.iniface);
if (!dev) {
printk(KERN_WARNING "CLUSTERIP: no such interface %s\n", e->ip.iniface);
- return 0;
+ return false;
}
config = clusterip_config_init(cipinfo,
@@ -438,7 +438,7 @@ checkentry(const char *tablename,
if (!config) {
printk(KERN_WARNING "CLUSTERIP: cannot allocate config\n");
dev_put(dev);
- return 0;
+ return false;
}
dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
}
@@ -448,10 +448,10 @@ checkentry(const char *tablename,
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", target->family);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
/* drop reference count of cluster config when rule is deleted */
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ECN.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_ECN.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ECN.c
@@ -24,8 +24,8 @@ MODULE_AUTHOR("Harald Welte <laforge@net
MODULE_DESCRIPTION("iptables ECN modification module");
/* set ECT codepoint from IP header.
- * return 0 if there was an error. */
-static inline int
+ * return false if there was an error. */
+static inline bool
set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
{
struct iphdr *iph = ip_hdr(*pskb);
@@ -33,18 +33,18 @@ set_ect_ip(struct sk_buff **pskb, const
if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
__u8 oldtos;
if (!skb_make_writable(pskb, sizeof(struct iphdr)))
- return 0;
+ return false;
iph = ip_hdr(*pskb);
oldtos = iph->tos;
iph->tos &= ~IPT_ECN_IP_MASK;
iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
}
- return 1;
+ return true;
}
-/* Return 0 if there was an error. */
-static inline int
+/* Return false if there was an error. */
+static inline bool
set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
{
struct tcphdr _tcph, *tcph;
@@ -54,16 +54,16 @@ set_ect_tcp(struct sk_buff **pskb, const
tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
sizeof(_tcph), &_tcph);
if (!tcph)
- return 0;
+ return false;
if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) ||
tcph->ece == einfo->proto.tcp.ece) &&
((!(einfo->operation & IPT_ECN_OP_SET_CWR) ||
tcph->cwr == einfo->proto.tcp.cwr)))
- return 1;
+ return true;
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
- return 0;
+ return false;
tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb);
oldval = ((__be16 *)tcph)[6];
@@ -74,7 +74,7 @@ set_ect_tcp(struct sk_buff **pskb, const
nf_proto_csum_replace2(&tcph->check, *pskb,
oldval, ((__be16 *)tcph)[6], 0);
- return 1;
+ return true;
}
static unsigned int
@@ -99,7 +99,7 @@ target(struct sk_buff **pskb,
return XT_CONTINUE;
}
-static int
+static bool
checkentry(const char *tablename,
const void *e_void,
const struct xt_target *target,
@@ -112,20 +112,20 @@ checkentry(const char *tablename,
if (einfo->operation & IPT_ECN_OP_MASK) {
printk(KERN_WARNING "ECN: unsupported ECN operation %x\n",
einfo->operation);
- return 0;
+ return false;
}
if (einfo->ip_ect & ~IPT_ECN_IP_MASK) {
printk(KERN_WARNING "ECN: new ECT codepoint %x out of mask\n",
einfo->ip_ect);
- return 0;
+ return false;
}
if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR))
&& (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
printk(KERN_WARNING "ECN: cannot use TCP operations on a "
"non-tcp rule\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_target ipt_ecn_reg = {
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_LOG.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_LOG.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_LOG.c
@@ -435,24 +435,24 @@ ipt_log_target(struct sk_buff **pskb,
return XT_CONTINUE;
}
-static int ipt_log_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static bool ipt_log_checkentry(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
{
const struct ipt_log_info *loginfo = targinfo;
if (loginfo->level >= 8) {
DEBUGP("LOG: level %u >= 8\n", loginfo->level);
- return 0;
+ return false;
}
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
DEBUGP("LOG: prefix term %i\n",
loginfo->prefix[sizeof(loginfo->prefix)-1]);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_target ipt_log_reg = {
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_MASQUERADE.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -37,7 +37,7 @@ MODULE_DESCRIPTION("iptables MASQUERADE
static DEFINE_RWLOCK(masq_lock);
/* FIXME: Multiple targets. --RR */
-static int
+static bool
masquerade_check(const char *tablename,
const void *e,
const struct xt_target *target,
@@ -48,13 +48,13 @@ masquerade_check(const char *tablename,
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
DEBUGP("masquerade_check: bad MAP_IPS.\n");
- return 0;
+ return false;
}
if (mr->rangesize != 1) {
DEBUGP("masquerade_check: bad rangesize %u.\n", mr->rangesize);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static unsigned int
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_NETMAP.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_NETMAP.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_NETMAP.c
@@ -29,7 +29,7 @@ MODULE_DESCRIPTION("iptables 1:1 NAT map
#define DEBUGP(format, args...)
#endif
-static int
+static bool
check(const char *tablename,
const void *e,
const struct xt_target *target,
@@ -40,13 +40,13 @@ check(const char *tablename,
if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
DEBUGP(MODULENAME":check: bad MAP_IPS.\n");
- return 0;
+ return false;
}
if (mr->rangesize != 1) {
DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static unsigned int
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_REDIRECT.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_REDIRECT.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -32,7 +32,7 @@ MODULE_DESCRIPTION("iptables REDIRECT ta
#endif
/* FIXME: Take multiple ranges --RR */
-static int
+static bool
redirect_check(const char *tablename,
const void *e,
const struct xt_target *target,
@@ -43,13 +43,13 @@ redirect_check(const char *tablename,
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
DEBUGP("redirect_check: bad MAP_IPS.\n");
- return 0;
+ return false;
}
if (mr->rangesize != 1) {
DEBUGP("redirect_check: bad rangesize %u.\n", mr->rangesize);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static unsigned int
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_REJECT.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_REJECT.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_REJECT.c
@@ -217,27 +217,27 @@ static unsigned int reject(struct sk_buf
return NF_DROP;
}
-static int check(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static bool check(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
{
const struct ipt_reject_info *rejinfo = targinfo;
const struct ipt_entry *e = e_void;
if (rejinfo->with == IPT_ICMP_ECHOREPLY) {
printk("REJECT: ECHOREPLY no longer supported.\n");
- return 0;
+ return false;
} else if (rejinfo->with == IPT_TCP_RESET) {
/* Must specify that it's a TCP packet */
if (e->ip.proto != IPPROTO_TCP
|| (e->ip.invflags & XT_INV_PROTO)) {
DEBUGP("REJECT: TCP_RESET invalid for non-tcp\n");
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
static struct xt_target ipt_reject_reg = {
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_SAME.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_SAME.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_SAME.c
@@ -33,7 +33,7 @@ MODULE_DESCRIPTION("iptables special SNA
#define DEBUGP(format, args...)
#endif
-static int
+static bool
same_check(const char *tablename,
const void *e,
const struct xt_target *target,
@@ -47,13 +47,13 @@ same_check(const char *tablename,
if (mr->rangesize < 1) {
DEBUGP("same_check: need at least one dest range.\n");
- return 0;
+ return false;
}
if (mr->rangesize > IPT_SAME_MAX_RANGE) {
DEBUGP("same_check: too many ranges specified, maximum "
"is %u ranges\n",
IPT_SAME_MAX_RANGE);
- return 0;
+ return false;
}
for (count = 0; count < mr->rangesize; count++) {
if (ntohl(mr->range[count].min_ip) >
@@ -62,11 +62,11 @@ same_check(const char *tablename,
"range `%u.%u.%u.%u-%u.%u.%u.%u'.\n",
NIPQUAD(mr->range[count].min_ip),
NIPQUAD(mr->range[count].max_ip));
- return 0;
+ return false;
}
if (!(mr->range[count].flags & IP_NAT_RANGE_MAP_IPS)) {
DEBUGP("same_check: bad MAP_IPS.\n");
- return 0;
+ return false;
}
rangeip = (ntohl(mr->range[count].max_ip) -
ntohl(mr->range[count].min_ip) + 1);
@@ -81,7 +81,7 @@ same_check(const char *tablename,
DEBUGP("same_check: Couldn't allocate %u bytes "
"for %u ipaddresses!\n",
(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
- return 0;
+ return false;
}
DEBUGP("same_check: Allocated %u bytes for %u ipaddresses.\n",
(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
@@ -97,7 +97,7 @@ same_check(const char *tablename,
index++;
}
}
- return 1;
+ return true;
}
static void
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_TOS.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_TOS.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_TOS.c
@@ -43,7 +43,7 @@ target(struct sk_buff **pskb,
return XT_CONTINUE;
}
-static int
+static bool
checkentry(const char *tablename,
const void *e_void,
const struct xt_target *target,
@@ -58,9 +58,9 @@ checkentry(const char *tablename,
&& tos != IPTOS_MINCOST
&& tos != IPTOS_NORMALSVC) {
printk(KERN_WARNING "TOS: bad tos value %#x\n", tos);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_target ipt_tos_reg = {
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_TTL.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_TTL.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_TTL.c
@@ -62,7 +62,7 @@ ipt_ttl_target(struct sk_buff **pskb,
return XT_CONTINUE;
}
-static int ipt_ttl_checkentry(const char *tablename,
+static bool ipt_ttl_checkentry(const char *tablename,
const void *e,
const struct xt_target *target,
void *targinfo,
@@ -73,11 +73,11 @@ static int ipt_ttl_checkentry(const char
if (info->mode > IPT_TTL_MAXMODE) {
printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
info->mode);
- return 0;
+ return false;
}
if ((info->mode != IPT_TTL_SET) && (info->ttl == 0))
- return 0;
- return 1;
+ return false;
+ return true;
}
static struct xt_target ipt_TTL = {
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ULOG.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/ipt_ULOG.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/ipt_ULOG.c
@@ -328,25 +328,25 @@ static void ipt_logfn(unsigned int pf,
ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
}
-static int ipt_ulog_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hookmask)
+static bool ipt_ulog_checkentry(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hookmask)
{
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
DEBUGP("ipt_ULOG: prefix term %i\n",
loginfo->prefix[sizeof(loginfo->prefix) - 1]);
- return 0;
+ return false;
}
if (loginfo->qthreshold > ULOG_MAX_QLEN) {
DEBUGP("ipt_ULOG: queue threshold %i > MAX_QLEN\n",
loginfo->qthreshold);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
#ifdef CONFIG_COMPAT
Index: linux-2.6.22-rc3-git6/net/ipv4/netfilter/nf_nat_rule.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv4/netfilter/nf_nat_rule.c
+++ linux-2.6.22-rc3-git6/net/ipv4/netfilter/nf_nat_rule.c
@@ -140,36 +140,36 @@ static unsigned int ipt_dnat_target(stru
return nf_nat_setup_info(ct, &mr->range[0], hooknum);
}
-static int ipt_snat_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static bool ipt_snat_checkentry(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
{
struct nf_nat_multi_range_compat *mr = targinfo;
/* Must be a valid range */
if (mr->rangesize != 1) {
printk("SNAT: multiple ranges no longer supported\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int ipt_dnat_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static bool ipt_dnat_checkentry(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
{
struct nf_nat_multi_range_compat *mr = targinfo;
/* Must be a valid range */
if (mr->rangesize != 1) {
printk("DNAT: multiple ranges no longer supported\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
inline unsigned int
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_HL.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_HL.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_HL.c
@@ -58,7 +58,7 @@ static unsigned int ip6t_hl_target(struc
return XT_CONTINUE;
}
-static int ip6t_hl_checkentry(const char *tablename,
+static bool ip6t_hl_checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
@@ -69,14 +69,14 @@ static int ip6t_hl_checkentry(const char
if (info->mode > IP6T_HL_MAXMODE) {
printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
info->mode);
- return 0;
+ return false;
}
if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) {
printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
"make sense with value 0\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_target ip6t_HL = {
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_LOG.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_LOG.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_LOG.c
@@ -448,24 +448,24 @@ ip6t_log_target(struct sk_buff **pskb,
}
-static int ip6t_log_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static bool ip6t_log_checkentry(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
{
const struct ip6t_log_info *loginfo = targinfo;
if (loginfo->level >= 8) {
DEBUGP("LOG: level %u >= 8\n", loginfo->level);
- return 0;
+ return false;
}
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
DEBUGP("LOG: prefix term %i\n",
loginfo->prefix[sizeof(loginfo->prefix)-1]);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_target ip6t_log_reg = {
Index: linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_REJECT.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/ipv6/netfilter/ip6t_REJECT.c
+++ linux-2.6.22-rc3-git6/net/ipv6/netfilter/ip6t_REJECT.c
@@ -221,27 +221,27 @@ static unsigned int reject6_target(struc
return NF_DROP;
}
-static int check(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static bool check(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
{
const struct ip6t_reject_info *rejinfo = targinfo;
const struct ip6t_entry *e = entry;
if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
printk("ip6t_REJECT: ECHOREPLY is not supported.\n");
- return 0;
+ return false;
} else if (rejinfo->with == IP6T_TCP_RESET) {
/* Must specify that it's a TCP packet */
if (e->ipv6.proto != IPPROTO_TCP
|| (e->ipv6.invflags & XT_INV_PROTO)) {
DEBUGP("ip6t_REJECT: TCP_RESET illegal for non-tcp\n");
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
static struct xt_target ip6t_reject_reg = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_CONNMARK.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_CONNMARK.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_CONNMARK.c
@@ -76,7 +76,7 @@ target(struct sk_buff **pskb,
return XT_CONTINUE;
}
-static int
+static bool
checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
@@ -88,21 +88,21 @@ checkentry(const char *tablename,
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", target->family);
- return 0;
+ return false;
}
if (matchinfo->mode == XT_CONNMARK_RESTORE) {
if (strcmp(tablename, "mangle") != 0) {
printk(KERN_WARNING "CONNMARK: restore can only be "
"called from \"mangle\" table, not \"%s\"\n",
tablename);
- return 0;
+ return false;
}
}
if (matchinfo->mark > 0xffffffff || matchinfo->mask > 0xffffffff) {
printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static void
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_CONNSECMARK.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_CONNSECMARK.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_CONNSECMARK.c
@@ -85,16 +85,16 @@ static unsigned int target(struct sk_buf
return XT_CONTINUE;
}
-static int checkentry(const char *tablename, const void *entry,
- const struct xt_target *target, void *targinfo,
- unsigned int hook_mask)
+static bool checkentry(const char *tablename, const void *entry,
+ const struct xt_target *target, void *targinfo,
+ unsigned int hook_mask)
{
struct xt_connsecmark_target_info *info = targinfo;
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", target->family);
- return 0;
+ return false;
}
switch (info->mode) {
case CONNSECMARK_SAVE:
@@ -103,10 +103,10 @@ static int checkentry(const char *tablen
default:
printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static void
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_DSCP.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_DSCP.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_DSCP.c
@@ -66,19 +66,19 @@ static unsigned int target6(struct sk_bu
return XT_CONTINUE;
}
-static int checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static bool checkentry(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
{
const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
if ((dscp > XT_DSCP_MAX)) {
printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
static struct xt_target xt_dscp_target[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_MARK.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_MARK.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_MARK.c
@@ -65,7 +65,7 @@ target_v1(struct sk_buff **pskb,
}
-static int
+static bool
checkentry_v0(const char *tablename,
const void *entry,
const struct xt_target *target,
@@ -76,12 +76,12 @@ checkentry_v0(const char *tablename,
if (markinfo->mark > 0xffffffff) {
printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int
+static bool
checkentry_v1(const char *tablename,
const void *entry,
const struct xt_target *target,
@@ -95,13 +95,13 @@ checkentry_v1(const char *tablename,
&& markinfo->mode != XT_MARK_OR) {
printk(KERN_WARNING "MARK: unknown mode %u\n",
markinfo->mode);
- return 0;
+ return false;
}
if (markinfo->mark > 0xffffffff) {
printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
#ifdef CONFIG_COMPAT
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_NFLOG.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_NFLOG.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_NFLOG.c
@@ -38,7 +38,7 @@ nflog_target(struct sk_buff **pskb,
return XT_CONTINUE;
}
-static int
+static bool
nflog_checkentry(const char *tablename, const void *entry,
const struct xt_target *target, void *targetinfo,
unsigned int hookmask)
@@ -46,10 +46,10 @@ nflog_checkentry(const char *tablename,
struct xt_nflog_info *info = targetinfo;
if (info->flags & ~XT_NFLOG_MASK)
- return 0;
+ return false;
if (info->prefix[sizeof(info->prefix) - 1] != '\0')
- return 0;
- return 1;
+ return false;
+ return true;
}
static struct xt_target xt_nflog_target[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_SECMARK.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_SECMARK.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_SECMARK.c
@@ -51,7 +51,7 @@ static unsigned int target(struct sk_buf
return XT_CONTINUE;
}
-static int checkentry_selinux(struct xt_secmark_target_info *info)
+static bool checkentry_selinux(struct xt_secmark_target_info *info)
{
int err;
struct xt_secmark_target_selinux_info *sel = &info->u.sel;
@@ -63,50 +63,50 @@ static int checkentry_selinux(struct xt_
if (err == -EINVAL)
printk(KERN_INFO PFX "invalid SELinux context \'%s\'\n",
sel->selctx);
- return 0;
+ return false;
}
if (!sel->selsid) {
printk(KERN_INFO PFX "unable to map SELinux context \'%s\'\n",
sel->selctx);
- return 0;
+ return false;
}
err = selinux_relabel_packet_permission(sel->selsid);
if (err) {
printk(KERN_INFO PFX "unable to obtain relabeling permission\n");
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int checkentry(const char *tablename, const void *entry,
- const struct xt_target *target, void *targinfo,
- unsigned int hook_mask)
+static bool checkentry(const char *tablename, const void *entry,
+ const struct xt_target *target, void *targinfo,
+ unsigned int hook_mask)
{
struct xt_secmark_target_info *info = targinfo;
if (mode && mode != info->mode) {
printk(KERN_INFO PFX "mode already set to %hu cannot mix with "
"rules for mode %hu\n", mode, info->mode);
- return 0;
+ return false;
}
switch (info->mode) {
case SECMARK_MODE_SEL:
if (!checkentry_selinux(info))
- return 0;
+ return false;
break;
default:
printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
- return 0;
+ return false;
}
if (!mode)
mode = info->mode;
- return 1;
+ return true;
}
static struct xt_target xt_secmark_target[] = {
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_TCPMSS.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_TCPMSS.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_TCPMSS.c
@@ -197,19 +197,19 @@ xt_tcpmss_target6(struct sk_buff **pskb,
#define TH_SYN 0x02
/* Must specify -p tcp --syn */
-static inline int find_syn_match(const struct xt_entry_match *m)
+static inline bool find_syn_match(const struct xt_entry_match *m)
{
const struct xt_tcp *tcpinfo = (const struct xt_tcp *)m->data;
if (strcmp(m->u.kernel.match->name, "tcp") == 0 &&
tcpinfo->flg_cmp & TH_SYN &&
!(tcpinfo->invflags & XT_TCP_INV_FLAGS))
- return 1;
+ return true;
- return 0;
+ return false;
}
-static int
+static bool
xt_tcpmss_checkentry4(const char *tablename,
const void *entry,
const struct xt_target *target,
@@ -225,16 +225,16 @@ xt_tcpmss_checkentry4(const char *tablen
(1 << NF_IP_POST_ROUTING))) != 0) {
printk("xt_TCPMSS: path-MTU clamping only supported in "
"FORWARD, OUTPUT and POSTROUTING hooks\n");
- return 0;
+ return false;
}
if (IPT_MATCH_ITERATE(e, find_syn_match))
- return 1;
+ return true;
printk("xt_TCPMSS: Only works on TCP SYN packets\n");
- return 0;
+ return false;
}
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
-static int
+static bool
xt_tcpmss_checkentry6(const char *tablename,
const void *entry,
const struct xt_target *target,
@@ -250,12 +250,12 @@ xt_tcpmss_checkentry6(const char *tablen
(1 << NF_IP6_POST_ROUTING))) != 0) {
printk("xt_TCPMSS: path-MTU clamping only supported in "
"FORWARD, OUTPUT and POSTROUTING hooks\n");
- return 0;
+ return false;
}
if (IP6T_MATCH_ITERATE(e, find_syn_match))
- return 1;
+ return true;
printk("xt_TCPMSS: Only works on TCP SYN packets\n");
- return 0;
+ return false;
}
#endif
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 1/4] Switch hotdrop to bool
2007-06-04 15:10 ` [PATCH 1/4] Switch hotdrop to bool Jan Engelhardt
@ 2007-06-04 15:19 ` Patrick McHardy
0 siblings, 0 replies; 17+ messages in thread
From: Patrick McHardy @ 2007-06-04 15:19 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List
Jan Engelhardt wrote:
> Switch the "hotdrop" variables to boolean
Applied, thanks.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 2/4] Switch xt_match->match to bool
2007-06-04 15:10 ` [PATCH 2/4] Switch xt_match->match " Jan Engelhardt
@ 2007-06-04 15:20 ` Patrick McHardy
0 siblings, 0 replies; 17+ messages in thread
From: Patrick McHardy @ 2007-06-04 15:20 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List
Jan Engelhardt wrote:
> Switch the return type of match functions to boolean
Also applied (for 2.6.23 of course).
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 3/4] Switch xt_match->checkentry to bool
2007-06-04 15:11 ` [PATCH 3/4] Switch xt_match->checkentry " Jan Engelhardt
@ 2007-06-04 15:21 ` Patrick McHardy
0 siblings, 0 replies; 17+ messages in thread
From: Patrick McHardy @ 2007-06-04 15:21 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List
Jan Engelhardt wrote:
> Switch the return type of match functions to boolean
Applied.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 4/4] Switch xt_target->checkentry to bool
2007-06-04 15:11 ` [PATCH 4/4] Switch xt_target->checkentry " Jan Engelhardt
@ 2007-06-04 15:25 ` Patrick McHardy
2007-06-04 15:29 ` Jan Engelhardt
0 siblings, 1 reply; 17+ messages in thread
From: Patrick McHardy @ 2007-06-04 15:25 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List
Jan Engelhardt wrote:
> Switch the return type of target functions to boolean.
Its actually a shame that we don't return proper errno codes, but I
think that would seriously confuse iptables error messages, so applied.
Thanks Jan.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 4/4] Switch xt_target->checkentry to bool
2007-06-04 15:29 ` Jan Engelhardt
@ 2007-06-04 15:28 ` Patrick McHardy
0 siblings, 0 replies; 17+ messages in thread
From: Patrick McHardy @ 2007-06-04 15:28 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List
Jan Engelhardt wrote:
> On Jun 4 2007 17:25, Patrick McHardy wrote:
>
>>Jan Engelhardt wrote:
>>
>>>Switch the return type of target functions to boolean.
>
>
> Log correction: return type of xt_target's checkentry().
I already fixed that :)
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 4/4] Switch xt_target->checkentry to bool
2007-06-04 15:25 ` Patrick McHardy
@ 2007-06-04 15:29 ` Jan Engelhardt
2007-06-04 15:28 ` Patrick McHardy
0 siblings, 1 reply; 17+ messages in thread
From: Jan Engelhardt @ 2007-06-04 15:29 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Netfilter Developer Mailing List
On Jun 4 2007 17:25, Patrick McHardy wrote:
>Jan Engelhardt wrote:
>> Switch the return type of target functions to boolean.
Log correction: return type of xt_target's checkentry().
Jan
--
^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 5/4] Use bools for xt_match
2007-06-04 15:09 [PATCH 0/4] Use bools for xt_match and xt_target Jan Engelhardt
` (3 preceding siblings ...)
2007-06-04 15:11 ` [PATCH 4/4] Switch xt_target->checkentry " Jan Engelhardt
@ 2007-06-04 15:29 ` Jan Engelhardt
2007-06-04 15:30 ` Patrick McHardy
4 siblings, 1 reply; 17+ messages in thread
From: Jan Engelhardt @ 2007-06-04 15:29 UTC (permalink / raw)
To: kaber; +Cc: Netfilter Developer Mailing List
Hi, this one slipped by (I am just going through some more cleanups),
hence, an extra 5th patch on the bools stuff.
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
---
net/netfilter/xt_physdev.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Index: linux-2.6.22-rc3-git6/net/netfilter/xt_physdev.c
===================================================================
--- linux-2.6.22-rc3-git6.orig/net/netfilter/xt_physdev.c
+++ linux-2.6.22-rc3-git6/net/netfilter/xt_physdev.c
@@ -76,13 +76,13 @@ match(const struct sk_buff *skb,
if (!(info->bitmask & XT_PHYSDEV_OP_IN))
goto match_outdev;
indev = nf_bridge->physindev ? nf_bridge->physindev->name : nulldevname;
- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned int); i++) {
+ for (i = 0, ret = false; i < IFNAMSIZ/sizeof(unsigned int); i++) {
ret |= (((const unsigned int *)indev)[i]
^ ((const unsigned int *)info->physindev)[i])
& ((const unsigned int *)info->in_mask)[i];
}
- if ((ret == 0) ^ !(info->invert & XT_PHYSDEV_OP_IN))
+ if (!ret ^ !(info->invert & XT_PHYSDEV_OP_IN))
return false;
match_outdev:
@@ -90,7 +90,7 @@ match_outdev:
return true;
outdev = nf_bridge->physoutdev ?
nf_bridge->physoutdev->name : nulldevname;
- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned int); i++) {
+ for (i = 0, ret = false; i < IFNAMSIZ/sizeof(unsigned int); i++) {
ret |= (((const unsigned int *)outdev)[i]
^ ((const unsigned int *)info->physoutdev)[i])
& ((const unsigned int *)info->out_mask)[i];
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 5/4] Use bools for xt_match
2007-06-04 15:29 ` [PATCH 5/4] Use bools for xt_match Jan Engelhardt
@ 2007-06-04 15:30 ` Patrick McHardy
2007-06-04 15:34 ` Jan Engelhardt
0 siblings, 1 reply; 17+ messages in thread
From: Patrick McHardy @ 2007-06-04 15:30 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List
Jan Engelhardt wrote:
> Hi, this one slipped by (I am just going through some more cleanups),
> hence, an extra 5th patch on the bools stuff.
Folded into 2/4, thanks. If you have more corrections please include
which patch they belong to.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 5/4] Use bools for xt_match
2007-06-04 15:34 ` Jan Engelhardt
@ 2007-06-04 15:33 ` Patrick McHardy
2007-06-04 15:43 ` Jan Engelhardt
0 siblings, 1 reply; 17+ messages in thread
From: Patrick McHardy @ 2007-06-04 15:33 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List
Jan Engelhardt wrote:
> On Jun 4 2007 17:30, Patrick McHardy wrote:
>
>>Jan Engelhardt wrote:
>>
>>>Hi, this one slipped by (I am just going through some more cleanups),
>>>hence, an extra 5th patch on the bools stuff.
>>
>>Folded into 2/4, thanks. If you have more corrections please include
>>which patch they belong to.
>
>
> If you use an SCM (rather than floating patches), then folding is impossible
> is not it? (Unless you use extra SCM trickery like "git reset".)
stgit. Saves huge amounts of time when trying to keep a clean history.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 5/4] Use bools for xt_match
2007-06-04 15:30 ` Patrick McHardy
@ 2007-06-04 15:34 ` Jan Engelhardt
2007-06-04 15:33 ` Patrick McHardy
0 siblings, 1 reply; 17+ messages in thread
From: Jan Engelhardt @ 2007-06-04 15:34 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Netfilter Developer Mailing List
On Jun 4 2007 17:30, Patrick McHardy wrote:
>Jan Engelhardt wrote:
>> Hi, this one slipped by (I am just going through some more cleanups),
>> hence, an extra 5th patch on the bools stuff.
>
>Folded into 2/4, thanks. If you have more corrections please include
>which patch they belong to.
If you use an SCM (rather than floating patches), then folding is impossible
is not it? (Unless you use extra SCM trickery like "git reset".)
Jan
--
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 5/4] Use bools for xt_match
2007-06-04 15:43 ` Jan Engelhardt
@ 2007-06-04 15:43 ` Patrick McHardy
0 siblings, 0 replies; 17+ messages in thread
From: Patrick McHardy @ 2007-06-04 15:43 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Netfilter Developer Mailing List
Jan Engelhardt wrote:
> On Jun 4 2007 17:33, Patrick McHardy wrote:
>
>>>>Folded into 2/4, thanks. If you have more corrections please include
>>>>which patch they belong to.
>>>
>>>If you use an SCM (rather than floating patches), then folding is impossible
>>>is not it? (Unless you use extra SCM trickery like "git reset".)
>>
>>stgit. Saves huge amounts of time when trying to keep a clean history.
>
>
> But that only works until merge, does not it? (I for my part use
> quilt on top of git (tracking only), I tell ya, that's fun ;-)
Of course. But once I've merged a tree I throw it away.
(Actually you can uncommit patches that don't originate
in your tree, but it of course can't change patches in
Linus' tree :))
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 5/4] Use bools for xt_match
2007-06-04 15:33 ` Patrick McHardy
@ 2007-06-04 15:43 ` Jan Engelhardt
2007-06-04 15:43 ` Patrick McHardy
0 siblings, 1 reply; 17+ messages in thread
From: Jan Engelhardt @ 2007-06-04 15:43 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Netfilter Developer Mailing List
On Jun 4 2007 17:33, Patrick McHardy wrote:
>>>
>>>Folded into 2/4, thanks. If you have more corrections please include
>>>which patch they belong to.
>>
>> If you use an SCM (rather than floating patches), then folding is impossible
>> is not it? (Unless you use extra SCM trickery like "git reset".)
>
>stgit. Saves huge amounts of time when trying to keep a clean history.
But that only works until merge, does not it? (I for my part use
quilt on top of git (tracking only), I tell ya, that's fun ;-)
Jan
--
^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2007-06-04 15:43 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-06-04 15:09 [PATCH 0/4] Use bools for xt_match and xt_target Jan Engelhardt
2007-06-04 15:10 ` [PATCH 1/4] Switch hotdrop to bool Jan Engelhardt
2007-06-04 15:19 ` Patrick McHardy
2007-06-04 15:10 ` [PATCH 2/4] Switch xt_match->match " Jan Engelhardt
2007-06-04 15:20 ` Patrick McHardy
2007-06-04 15:11 ` [PATCH 3/4] Switch xt_match->checkentry " Jan Engelhardt
2007-06-04 15:21 ` Patrick McHardy
2007-06-04 15:11 ` [PATCH 4/4] Switch xt_target->checkentry " Jan Engelhardt
2007-06-04 15:25 ` Patrick McHardy
2007-06-04 15:29 ` Jan Engelhardt
2007-06-04 15:28 ` Patrick McHardy
2007-06-04 15:29 ` [PATCH 5/4] Use bools for xt_match Jan Engelhardt
2007-06-04 15:30 ` Patrick McHardy
2007-06-04 15:34 ` Jan Engelhardt
2007-06-04 15:33 ` Patrick McHardy
2007-06-04 15:43 ` Jan Engelhardt
2007-06-04 15:43 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.